-
Notifications
You must be signed in to change notification settings - Fork 5
/
challenge.yml
54 lines (42 loc) · 1.4 KB
/
challenge.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
---
name: "dev.corp 2/4"
author: "Worty"
category: "Forensic"
description: "Apparently updates are not done at dev.corp ...<br><br>
dev.corp also expose a gitlab on internet for developers, and this might be the worst idea they had..<br><br>
Download links :<br>
- https://mega.nz/file/KU5ASKxT#zojfii1C-mcc-qu2nfeyOzxXrI2Z-IuwRIBT71Y_qdo<br>
- https://mega.nz/file/ndQzUS5C#UxAbrID6YIzjfye1dctx7bOxmxNDuR0zZqbgpASO_Jc
sha256sums :<br>
- git_content.zip: 0e1da815d14bdf05a0906e12a5e8cc0f442a52bf3117a1df7c06fe7f09e0c2f4<br>
- gitlab_logs.zip: 2e5c1bbda9a3121cbe80e5c42e9b66e3a6d60874d6e9ad6e4c29018bf4db7f42<br>
- web_srv_dd_part.zip : beff6c7300119f6ca88044f3945e2d4c4c2121c2af3f9652aec6aa10b8a040c7
Could you find :<br>
- The malicious commit id<br>
- The ip address of this malicous commit<br>
- The name of the file that was used to privesc<br><br>
Format : **Hero{b02a4678405a52b85972d75020b57cb4f83a7e8d:127.0.0.1:/tmp/pkexec}**<br>
Author : **Worty**"
value: null
type: dynamic
extra:
initial: 500
decay: 100
minimum: 50
image: null
host: null
flags:
- {
type: "static",
content: "Hero{79abbe885602805e31bd297873393af74b2a3bd9:158.49.62.15:/var/www/web_srv_site/.git/hooks/post-merge}",
data: "case_sensitive",
}
tags:
- medium
- forensic
files:
- gitlab_logs.zip
requirements:
- "dev.corp 1/4"
state: visible
version: "0.1"