daffainfo
/
ctf-writeup
mirror of https://github.com/daffainfo/ctf-writeup.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ctf-writeup/2023/RITSEC CTF 2023/Red Team Activity 2
History
daffainfo e6c48e50f1 feat: grouped the challs 2024-01-09 16:59:32 +07:00
..
images feat: grouped the challs 2024-01-09 16:59:32 +07:00
README.md feat: grouped the challs 2024-01-09 16:59:32 +07:00
auth.log feat: grouped the challs 2024-01-09 16:59:32 +07:00

README.md

Red Team Activity 2

Q2: Name of the malicious service?

Note: Flag format is RS{MD5sum()}

About the Challenge

We were given a log file (You can download the file here) and we need to find the malicious service

How to Solve?

To do this, I attempted to search the log file using the keyword .service, and discovered a strange service named bluetoothd.service

That's because there is a vim command executed before enable the service, So the user creating bluetoothd.service in the /usr/lib/systemd/system/ directory to convince that is a legit service.

service

Hash the service name using md5sum. Here is the command

echo -n bluetoothd.service | md5sum

And then wrap the output with RS{.*}

RS{a9f8f8a0abe37193f5b136a0d9c3d869}