Psittaciformes


HTB

We extract the archive:

sudo tar -xvf catscale_parrot_20241223-2233.tar.gz

Then we extract this archive:

tar -xvf hidden-user-home-dir.tar.gz

We look at the bash history:

bc home/johnspire/.bash_history

What is the name of the malicious function within the script ran by the Pen Tester?

A) dowgetandrun

What is the password of the zip file downloaded within the malicious function?

A) superhacker

What is the full URL of the file downloaded by the attacker?

A) https://www.dropbox.com/scl/fi/uw8oxug0jydibnorjvyl2/blob.zip?rlkey=zmbys0idnbab9qnl45xhqn257&st=v22geon6&dl=1

When did the attacker finally take out the real comments for the malicious function?

A) 2024-12-23 22:27:58

The attacker changed the URL to download the file, what was it before the change?

A) https://www.dropbox.com/scl/fi/wu0lhwixtk2ap4nnbvv4a/blob.zip?rlkey=gmt8m9e7bd02obueh9q3voi5q&st=em7ud3pb&dl=1

What is the MITRE technique ID utilized by the attacker to persist?

A) T1053.003

What is the name of the technique relevant to the binary the attacker runs?

A) T1496

© 2026 Cu3rv0x