# Remotely Administered Evil 1 and 2

#### Link to file:

```
file: https://tinyurl.com/y4z72k5o
Password: hacktober
```

### Remotely Administered Evil 1:

#### Briefing:

```
What is the name of the executable in the malicious url? Submit the filename as the flag: flag{virus.bad}.
```

Simply opening the capture in Wireshark, we can see the flag:

![](https://815184494-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MInDVexIZ47VkOdGSlp%2F-MKHklCk6dSFgumv0OPy%2F-MKHlYeAmRjtrUWvar3i%2FScreenshot%202020-10-23%20at%2001.05.18.png?alt=media\&token=20c8c202-5d34-42e9-979d-ed7c1618d0e0)

`flag{solut.exe}`

### Remotely Administered Evil 2:

#### Briefing:

```
What MYDDNS domain is used for the post-infection traffic in RATPack.pcap?
Use the file from Remotely Administrated Evil.
```

All you need to do here is filter for `dns` traffic. Because there weren't too many packets, I spotted the flag almost immediately and didn't have to filter further.

![](https://815184494-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MInDVexIZ47VkOdGSlp%2F-MKHklCk6dSFgumv0OPy%2F-MKHmBYyZVN4zPNEPvHD%2FScreenshot%202020-10-23%20at%2001.08.08.png?alt=media\&token=9e04e553-e079-4d4d-b5a8-d93a7777c2c2)

`flag{solution.myddns.me}`
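
The same DNS triage done in code, for captures too large to eyeball. This is an added example, not part of the original write-up: it uses only the Python standard library, lists every name queried over UDP/53, and keeps those under the `.myddns.me` suffix seen in the flag above. It assumes a classic pcap file (not pcapng) with Ethernet/IPv4 framing; the function names and the sample capture are constructed for illustration.

```python
import struct

def dns_query_names(pcap_bytes):
    """Names queried over UDP/53 in a classic pcap (Ethernet + IPv4 only)."""
    endian = "<" if pcap_bytes[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    names, off = set(), 24                      # skip 24-byte global header
    while off + 16 <= len(pcap_bytes):
        caplen = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])[2]
        frame = pcap_bytes[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                            # not IPv4 carrying UDP
        udp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(udp) < 20:
            continue                            # too short for UDP + DNS header
        dport = struct.unpack("!H", udp[2:4])[0]
        flags, qdcount = struct.unpack("!HH", udp[10:14])
        if dport != 53 or flags & 0x8000 or qdcount == 0:
            continue                            # keep client queries only
        labels, i = [], 20                      # QNAME follows the 12-byte DNS header
        while i < len(udp) and udp[i] and not udp[i] & 0xC0:
            n = udp[i]
            labels.append(udp[i + 1:i + 1 + n].decode("ascii", "replace"))
            i += n + 1
        names.add(".".join(labels).lower())
    return names

def ddns_lookups(pcap_bytes, suffix=".myddns.me"):
    """Queried names under a dynamic-DNS suffix, sorted for review."""
    return sorted(n for n in dns_query_names(pcap_bytes) if n.endswith(suffix))

def sample_pcap(qnames):
    """Constructed capture for the example: one DNS A query per name."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for q in qnames:
        qname = b"".join(bytes([len(p)]) + p.encode() for p in q.split(".")) + b"\x00"
        dns = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
        udp = struct.pack("!4H", 50000, 53, 8 + len(dns), 0) + dns
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         bytes([10, 0, 0, 5]), bytes([10, 0, 0, 1]))
        frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + udp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    cap = sample_pcap(["www.example.com", "placeholder-host.myddns.me"])
    print(ddns_lookups(cap))
```

To run it against the challenge file, read the capture with `open(path, "rb").read()` and pass the bytes to `ddns_lookups`.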
