[Day 24] [Mobile analysis] You Are on the Naughty List, McGreedy | TryHackMe THM | Advent of Cyber AoC 2023
Before we begin, please join our chat to solve the upcoming tasks: https://t.me/adventofcyber
- One of the photos contains a flag. What is it?
2. What name does Tracy use to save Detective Frost-eau’s phone number?
3. One SMS exchanged with Van Sprinkles contains a password. What is it?
[Day 24] The Confrontation Jolly Judgment Day
Question: 1/6
Judge: Mr. McGreedy, the opposition claims you masterminded a revenge plot against the company. What do you say to that?
McGreedy: I’m unaware of anything like that. Rest assured, any allegations of my involvement are completely baseless and fictional.
Information from ChatBot
PurpleSnow
Question: 2/6
Judge: Mr. McGreedy, the opposition claims you have been using your old hacker handle in your activities, which is how they were able to identify your accounts. Is this correct?
McGreedy: I have never had a hacker handle, not even a nickname, this is absurd!
Notes in MS-DOS Computer
Gr33dster
Question: 3/6
Judge: The court is informed of an extensive investigation that started after the USB incident, and has uncovered a trail leading to a command-and-control server central to this cyber activity. Mr. McGreedy, are you aware of or connected to this server? Your input could be vital in clarifying this case.
McGreedy: I’m not involved. Sprinkles has always been a bit rogue. Claiming I’m part of this malware issue is an extreme stretch. There’s no evidence linking me to such recklessness.
Dropped USBs
mcgreedysecrets2.thm
Question: 4/6
Judge: Mr. McGreedy, you’re claiming you’re being framed, but the opposition emphasizes your technical skills and describes you as being capable of leading such a cyber operation. They claim to have proof for you orchestrating attacks on AntarctiCrafts and Best Festival Company.
McGreedy: Technical expertise? You’re overestimating me. My knowledge is basic at most. Ask me about the dark web versus the clear web, and I’d probably stumble!
Server Takeover Password
GreedyGrabber1@
Question: 5/6
Judge: The court is informed of an extensive investigation that started after the USB incident and has uncovered a trail leading to a command-and-control server central to this cyber activity. Mr. McGreedy, are you aware of or connected to this server? Your input could be vital in clarifying this case.
McGreedy: A command-and-control server? While the implication of my involvement is almost flattering, it’s utterly absurd. I’m not familiar with this server. There are countless networks, and linking me to this particular one without solid evidence is merely speculative.
- C2 Server Credentials
- Malware Sample
mcgreedy
stash.mcgreedy.thm
Question: 6/6
Judge: The evidence so far, though compelling, is circumstantial. It suggests, but doesn’t conclusively, link Mr. McGreedy to the allegations. Does the opposition have more solid evidence that directly ties Mr. McGreedy to these crimes?
McGreedy: Even the judge sees it’s just circumstantial fluff, all conjecture and guesswork. You’re still fishing for that one piece to seal my fate? In the digital shadows, solid evidence is rare. And you won’t find any against me. I’m almost eager to see what you try next.
Forensic Image of McGreedy’s Phone
Van Sprinkless
What is the final flag?
[Day 24] Feedback We wish you a Merry Survey
That's it. If you enjoyed this room, please follow me and don’t forget about our chat https://t.me/adventofcyber
