Day 7


Last updated 2 years ago

What is the version of CyberChef found in the attached VM?

9.49.0

How many recipes were used to extract URLs from the malicious doc?

  1. Strings
  2. Find / Replace
  3. Drop bytes
  4. From Base64
  5. Decode text
  6. Find / Replace (to remove patterns)
  7. Find / Replace
  8. Extract URLs
  9. Split
  10. Defang URL

10
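
The ten operations above, reproduced in Python as an added example (not part of the original write-up or the room's material). The sample blob, the `PREFIX` wrapper, the `TOKEN` placeholder, the junk characters and the UTF-16LE encoding are constructed assumptions, since the page does not give the recipe's arguments.

```python
import base64
import re

# All values below are constructed for this example; none come from the room's document.
PREFIX = "powershell -enc "   # assumed wrapper text that "Drop bytes" removes
TOKEN = "]q7Z_"               # assumed placeholder standing in for "http"


def build_sample() -> bytes:
    """Constructed stand-in for a document carrying an obfuscated, encoded script."""
    urls = ["https://files.example.test/a/", "http://cdn.example.test/b/"]
    script = "('" + "@".join(urls).replace("http", TOKEN).replace("/", "'+'/") + "')"
    b64 = base64.b64encode(script.encode("utf-16-le")).decode()
    noisy = b64[:20] + "[_]" + b64[20:]          # junk that is not in the Base64 alphabet
    return b"\x00\x01\xff" * 8 + (PREFIX + noisy).encode() + b"\x00\xfe" * 8 + b"short\x00"


def defang(url: str) -> str:
    """Make a URL non-clickable: hxxp scheme, bracketed '://' and dots."""
    return url.replace("http", "hxxp", 1).replace("://", "[://]", 1).replace(".", "[.]")


def extract_defanged_urls(blob: bytes) -> list[str]:
    run = max(re.findall(rb"[\x20-\x7e]{40,}", blob), key=len).decode()  # 1. Strings
    run = re.sub(r"[\[\]_]", "", run)                                    # 2. Find / Replace
    payload = run[len(PREFIX):]                                          # 3. Drop bytes
    raw = base64.b64decode(payload, validate=True)                       # 4. From Base64
    text = raw.decode("utf-16-le")                                       # 5. Decode text
    text = re.sub(r"['()+\"]", "", text)                                 # 6. Find / Replace
    text = text.replace(TOKEN, "http")                                   # 7. Find / Replace
    matches = re.findall(r"https?://\S+", text)                          # 8. Extract URLs
    urls = [u for m in matches for u in m.split("@") if u]               # 9. Split
    return [defang(u) for u in urls]                                     # 10. Defang URL


if __name__ == "__main__":
    for line in extract_defanged_urls(build_sample()):
        print(line)
```

Defanging last keeps every intermediate value machine-parseable while ensuring the indicators that end up in a ticket or report cannot be clicked by accident.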

We found a URL that was downloading a suspicious file; what is the name of that malware?

The output of the last step answers the next 3 questions.

mysterygift.exe

What is the last defanged URL of the bandityeti domain found in the last step?

hxxps[://]cdn[.]bandityeti[.]THM/files/index/

What is the ticket found in one of the domains? (Format: Domain/<GOLDEN_FLAG>)

THM_MYSTERY_FLAG

CyberChef