Remotely Administered Evil 1 and 2

file: https://tinyurl.com/y4z72k5o
Password: hacktober

Remotely Administered Evil 1:

Briefing:

What is the name of the executable in the malicious url? Submit the filename as the flag: flag{virus.bad}.

Simply opening it up in Wireshark, we can see the flag:

flag{solut.exe}

Remotely Administered Evil 2:

Briefing:

What MYDDNS domain is used for the post-infection traffic in RATPack.pcap?
Use the file from Remotely Administrated Evil.

All you need to do here is filter for DNS traffic. Because there weren't too many packets, I spotted the flag almost immediately and didn't have to filter further.

flag{solution.myddns.me}
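The same DNS filter can be scripted for captures too large to eyeball. This is an added example, not part of the original writeup: `qname`, `dns_queries` and `_record` are hypothetical names, the parser assumes a classic little-endian pcap with Ethernet framing, and `SAMPLE` is a constructed capture, not RATPack.pcap.

```python
import struct

def qname(dns):
    """Decode the first question name; questions carry no compression pointers."""
    labels, off = [], 12                      # question follows the 12-byte header
    while dns[off]:
        n = dns[off]
        labels.append(dns[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n
    return ".".join(labels).lower()

def dns_queries(pcap, suffix=""):
    """Unique names queried over UDP/53, in order seen, optionally by suffix."""
    magic, linktype = struct.unpack_from("<I16xI", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian classic pcap with Ethernet frames")
    names, pos = [], 24
    while pos + 16 <= len(pcap):
        incl_len, = struct.unpack_from("<I", pcap, pos + 8)
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                          # not IPv4 carrying UDP
        udp = 14 + (frame[14] & 0x0F) * 4     # honour the IP header length
        dns = frame[udp + 8:]
        if frame[udp + 2:udp + 4] != b"\x00\x35" or len(dns) < 13 or dns[2] & 0x80:
            continue                          # keep client queries to port 53 only
        try:
            name = qname(dns)
        except IndexError:
            continue                          # truncated question section
        if name.endswith(suffix) and name not in names:
            names.append(name)
    return names

def _record(name, dport=53):
    """Constructed Ethernet/IPv4/UDP frame with one DNS A query, as a pcap record."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    dns = struct.pack(">6H", 0x1234, 0x0100, 1, 0, 0, 0) + q + struct.pack(">2H", 1, 1)
    udp = struct.pack(">4H", 50000, dport, 8 + len(dns), 0) + dns
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 1])) + udp
    eth = bytes(12) + b"\x08\x00" + ip
    return struct.pack("<4I", 0, 0, len(eth), len(eth)) + eth

# Constructed capture: two lookups, a repeat, and non-DNS UDP traffic.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _record("www.example.com"), _record("constructed-host.myddns.me"),
    _record("constructed-host.myddns.me"), _record("ignored.example.com", dport=123)])
```

Calling `dns_queries(data, ".myddns.me")` on the bytes of a capture narrows the list to the dynamic-DNS lookups, which is the step done by eye above.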
