Insider - Image Forensics

  1. What distribution of Linux is being used on this machine?

    # /root/boot/grub/
    kali
  2. What is the MD5 hash of the apache access.log?

    # /var/log/apache2/access.log
    d41d8cd98f00b204e9800998ecf8427e
  3. It is believed that a credential dumping tool was downloaded. What is the file name of the download?

    # /root/Downloads/mimikatz_trunk.zip
    mimikatz_trunk.zip
  4. There was a super-secret file created. What is the absolute path?

    # /root/Desktop/bash_history
    /root/Desktop/SuperSecretFile.txt
  5. What program used didyouthinkwedmakeiteasy.jpg during execution?

    # /root/Desktop/bash_history
    binwalk
  6. What is the third goal from the checklist Karen created?

    # /root/Desktop/Checklist
    profit
  7. How many times was apache run?

    # the access.log file is empty
    0
  8. It is believed this machine was used to attack another. What file proves this?

    # /root/irZLAohL.jpeg
    irZLAohL.jpeg
  9. Within the Documents file path, it is believed that Karen was taunting a fellow computer expert through a bash script. Who was Karen taunting?

    young
  10. A user su'd to root at 11:26 multiple times. Who was it?

    # /var/log/auth.log
    postgres
  11. Based on the bash history, what is the current working directory?

    # /root/Documents/myfirsthack/
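
Question 10 is answered from `/var/log/auth.log`. The sketch below is an added example, not part of the original write-up: it shows one way to count successful `su` events to root per user and minute. The log lines are constructed samples, and the Debian-style `Successful su for <target> by <actor>` message format is an assumption about how the image's `su` logs.

```python
import re
from collections import Counter

# Constructed sample in Debian-style auth.log format (not copied from the image).
SAMPLE_AUTH_LOG = """\
Mar 20 11:25:58 host sshd[901]: Accepted password for alice from 192.0.2.10 port 50122 ssh2
Mar 20 11:26:03 host su[1201]: Successful su for root by postgres
Mar 20 11:26:03 host su[1201]: + /dev/pts/0 postgres:root
Mar 20 11:26:03 host su[1201]: pam_unix(su:session): session opened for user root by (uid=115)
Mar 20 11:26:41 host su[1230]: Successful su for root by postgres
Mar 20 11:26:41 host su[1230]: pam_unix(su:session): session opened for user root by (uid=115)
Mar 20 11:27:10 host su[1255]: FAILED su for root by alice
Mar 20 11:31:02 host su[1301]: Successful su for postgres by root
"""

# Assumed message format: "<Mon> <day> HH:MM:SS <host> su[pid]: Successful su for X by Y"
SU_OK = re.compile(
    r"^\w{3}\s+\d+\s+(?P<hhmm>\d{2}:\d{2}):\d{2}\s+\S+\s+su(?:\[\d+\])?:\s+"
    r"Successful su for (?P<target>\S+) by (?P<actor>\S+)\s*$"
)


def su_events(log_text, target="root"):
    """Count successful su events to `target`, keyed by (actor, HH:MM)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = SU_OK.match(line)
        # Failed attempts and su to other accounts are ignored.
        if m and m.group("target") == target:
            counts[(m.group("actor"), m.group("hhmm"))] += 1
    return counts


def repeated_su(log_text, hhmm, target="root"):
    """Users with more than one successful su to `target` in minute `hhmm`."""
    return sorted(actor for (actor, minute), n in su_events(log_text, target).items()
                  if minute == hhmm and n > 1)


if __name__ == "__main__":
    for (actor, minute), n in sorted(su_events(SAMPLE_AUTH_LOG).items()):
        print(f"{minute} {actor} -> root x{n}")
```

Against a mounted image, pass the contents of its `auth.log` to `repeated_su` in place of the constructed sample.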
