TryHackMe: [Day 20] Blue Teaming What’s the Worst That Could Happen?
1. Open the terminal and navigate to the file on the desktop named ‘testfile’. Using the ‘strings’ command, check the strings in the file. There is only a single line of output to the ‘strings’ command. What is the output?
ANS: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
EXPLANATION:
Step 1: ls
Step 2: cd Desktop, then ls
Step 3: strings testfile
2. Check the file type of ‘testfile’ using the ‘file’ command. What is the file type?
ANS: EICAR virus test files
EXPLANATION:
Step 1: file testfile
3. Calculate the file’s hash and search for it on VirusTotal. When was the file first seen in the wild?
ANS: 2005–10–17 22:03:48
EXPLANATION:
Step 1: md5sum testfile
Step 2: Copy the hash, go to virustotal.com and paste the hash in the search box.
Step 3: Go to the Details tab and look for “First Seen In The Wild” under History.
4. On VirusTotal’s detection tab, what is the classification assigned to the file by Microsoft?
ANS: Virus:DOS/EICAR_Test_File
EXPLANATION:
Step 1: Go to the Detection tab and search for Microsoft.
5. Go to this link to learn more about this file and what it is used for. What were the first two names of this file?
ANS: ducklin.htm or ducklin-html.htm
EXPLANATION:
Step 1: Go to this link (https://www.eicar.org/?page_id=3950) and search for the filename used.
6. The file begins with a 68-character string known as the known string. It can be appended with whitespace characters up to a limited number of characters. What is the maximum number of total characters that can be in the file?
ANS: 128
EXPLANATION:
Step 1: Go to this link (https://www.eicar.org/?page_id=3950) and search for the maximum number of total characters that can be in the file.
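As an added example (not part of the original walkthrough), here is a small Python check that applies the rules from this question: the file must begin with the 68-character known string, anything after it must be whitespace only, and the total length cannot exceed 128 bytes. The sample inputs are constructed in memory, and the helper names `is_eicar_test_file` and `md5_hex` are my own.

```python
# Added example: validate a candidate file against the EICAR padding rules
# quoted in the write-up (68-byte known string, optional trailing whitespace,
# at most 128 bytes in total) and compute the MD5 you would paste into VirusTotal.
import hashlib

# The 68-byte EICAR known string, exactly as `strings testfile` printed it.
EICAR_KNOWN_STRING = (
    b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
)
MAX_TOTAL_LENGTH = 128          # known string plus whitespace padding (eicar.org)
ALLOWED_PADDING = b" \t\r\n"    # whitespace bytes permitted after the known string


def is_eicar_test_file(data: bytes) -> tuple[bool, str]:
    """Return (verdict, reason) for the raw bytes of a candidate file."""
    if not data.startswith(EICAR_KNOWN_STRING):
        return False, "does not begin with the 68-character known string"
    if len(data) > MAX_TOTAL_LENGTH:
        return False, f"total length {len(data)} exceeds {MAX_TOTAL_LENGTH}"
    padding = data[len(EICAR_KNOWN_STRING):]
    if any(b not in ALLOWED_PADDING for b in padding):
        return False, "bytes after the known string are not all whitespace"
    return True, f"valid EICAR test file ({len(data)} bytes)"


def md5_hex(data: bytes) -> str:
    """MD5 of the file bytes, the value searched for on VirusTotal in Q3."""
    return hashlib.md5(data).hexdigest()


if __name__ == "__main__":
    # Constructed samples: bare string, maximum padding, one byte too many,
    # and a non-whitespace suffix (which AV engines would not treat as EICAR).
    samples = {
        "bare": EICAR_KNOWN_STRING,
        "padded_128": EICAR_KNOWN_STRING + b" " * 60,
        "padded_129": EICAR_KNOWN_STRING + b" " * 61,
        "suffix_x": EICAR_KNOWN_STRING + b"x",
    }
    for name, data in samples.items():
        ok, reason = is_eicar_test_file(data)
        print(f"{name:11} {ok!s:5} {reason}  md5={md5_hex(data)}")
```

Keeping the samples in memory avoids writing the string to disk, where an on-access scanner will quarantine it (which is exactly what the test file exists to demonstrate).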