Commit 21836bc

Merge branch 'main' of github.com:edoardottt/tryhackme-ctf
2 parents 8b5c719 + d414ecb commit 21836bc

5 files changed: +32 -32 lines changed

Advent-of-Cyber-2021/Day-06-Patch_Management_Is_Hard/README.md

Lines changed: 3 additions & 3 deletions
@@ -21,10 +21,10 @@ Now that you read the index.php, there is a login credential PHP file's path. Us
2121

2222
- `**************************`
2323

24-
The web application logs all users' requests, and only authorized users can read the log file. Use the LFI to gain RCE via the log file page. What is the hostname of the webserver? The log file location is at ./includes/logs/app_access.log.
24+
- The web application logs all users' requests, and only authorized users can read the log file. Use the LFI to gain RCE via the log file page. What is the hostname of the webserver? The log file location is at ./includes/logs/app_access.log.
2525

2626
- `**************************************`
2727

28-
Bonus: The current PHP configuration stores the PHP session files in /tmp. Use the LFI to call the PHP session file to get your PHP code executed.
28+
- Bonus: The current PHP configuration stores the PHP session files in /tmp. Use the LFI to call the PHP session file to get your PHP code executed.
2929

30-
No answer needed
30+
No answer needed
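
Review bot: On new line 24 the log path runs straight into the sentence's full stop ("./includes/logs/app_access.log."), so a reader copying it cannot tell whether the trailing dot is part of the file name. The line is rewritten here anyway (as rendered, lines 24 and 28 gain the "- " list marker), so wrap the path in backticks at the same time, and do the same for /tmp on line 28. The 30-/30+ pair reads identically on both sides, so that change is whitespace only; it would help to say so in the commit message.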

Advent-of-Cyber-2021/Day-07-Migration_Without_Security/README.md

Lines changed: 4 additions & 4 deletions
@@ -2,18 +2,18 @@
22

33
- Interact with the MongoDB server to find the flag. What is the flag?
44

5-
- `***{********************************}`
5+
- `***{********************************}`
66

77
We discussed how to bypass login pages as an admin. Can you log into the application that Grinch Enterprise controls as admin and retrieve the flag?
88

99
Use the knowledge given in AoC3 day 4 to setup and run Burp Suite proxy to intercept the HTTP request for the login page. Then modify the POST parameter.
1010

11-
- `***{********************************}`
11+
- `***{********************************}`
1212

1313
- Once you are logged in, use the gift search page to list all usernames that have guest roles. What is the flag?
1414

15-
- `***{********************************}`
15+
- `***{********************************}`
1616

1717
- Use the gift search page to perform NoSQL injection and retrieve the mcskidy record. What is the details record?
1818

19-
- `*************************************`
19+
- `*************************************`
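
Review bot: All four changed pairs in this hunk (lines 5, 11, 15 and 19) show the same text on the removed and the added side, so the difference lies in whitespace or line endings that the rendered diff does not display. The merge subject gives no hint of this; state in the commit message what was normalised, and consider pinning the convention with an .editorconfig or .gitattributes entry so the same churn does not return with the next merge of main.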

Advent-of-Cyber-2021/Day-08-Santas_Bag_of_Toys/README.md

Lines changed: 9 additions & 9 deletions
@@ -15,17 +15,17 @@ Open the first transcription log. You can see the commands and output for everyt
1515

1616
- What operating system is Santa's laptop running ("OS Name")?
1717

18-
- `********* ******* ** ***`
18+
- `********* ******* ** ***`
1919

2020
Review each transcription log to get an idea for what activity was performed on the laptop just after it went missing. In the "second" transcription log, it seems as if the perpetrator created a backdoor user account!
2121

2222
- What was the password set for the new "backdoor" account?
2323

24-
- `********************`
24+
- `********************`
2525

2626
- In one of the transcription logs, the bad actor interacts with the target under the new backdoor user account, and copies a unique file to the Desktop. Before it is copied to the Desktop, what is the full path of the original file?
2727

28-
- `*:*****************************************************.***`
28+
- `*:*****************************************************.***`
2929

3030
The actor uses a Living Off The Land binary (LOLbin) to encode this file, and then verifies it succeeded by viewing the output file. What is the name of this LOLbin?
3131

@@ -39,21 +39,21 @@ Under the Desktop folder, there seems to be a suspicious folder named "SantaRat"
3939

4040
- Drill down into the folders and see if you can find anything that might indicate how we could better track down what this SantaRat really is. What specific folder name clues us in that this might be publicly accessible software hosted on a code-sharing platform?
4141

42-
- `******`
42+
- `******`
4343

4444
Additionally, there is a unique folder named "Bag of Toys" on the Desktop! This must be where Santa prepares his collection of toys, and this is certainly sensitive data that the actor could have compromised. What is the name of the file found in this folder?
4545

4646
- What is the name of the user that owns the SantaRat repository?
4747

48-
- `**********`
48+
- `**********`
4949

5050
- Explore the other repositories that this user owns. What is the name of the repository that seems especially pertinent to our investigation?
5151

52-
- `*********************`
52+
- `*********************`
5353

5454
- Read the information presented in this repository. It seems as if the actor has, in fact, compromised and tampered with Santa's bag of toys! You can review the activity in the transcription logs. It looks as if the actor installed a special utility to collect and eventually exfiltrate the bag of toys. What is the name of the executable that installed a unique utility the actor used to collect the bag of toys?
5555

56-
- `*****************.***`
56+
- `*****************.***`
5757

5858
In the last transcription log, you can see the activity that this actor used to tamper with Santa's bag of toys! It looks as if they collected the original contents with a UHA archive. A UHA archive is similar to a ZIP or RAR archive, but faster and with better compression rates. It is very rare to see, but it looks the Grinch Enterprises are pulling out all the tricks!
5959
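
Review bot: The question on line 44 ("What is the name of the file found in this folder?") has no answer entry: line 45 is blank and line 46 is already the next question, while the questions on lines 40, 46, 50 and 54 are each followed by a masked answer line. Add the masked answer after line 44 in the same "- " plus backticks form used on lines 42, 48, 52 and 56. While the file is being touched, line 58 reads "it looks the Grinch Enterprises are pulling out all the tricks"; "it looks like" is presumably meant.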

@@ -66,7 +66,7 @@ We know that the actor seemingly collected the original bag of toys. Maybe there
6666

6767
- What is the password to the original bag_of_toys.uha archive? (You do not need to perform any password-cracking or bruteforce attempts)
6868

69-
- `***************************`
69+
- `***************************`
7070

7171
McSkidy was able to download and save a copy of the bag_of_toys.uha archive, and you have it accessible on the Desktop of the Windows analysis machine. After uncovering the password from the actor's GitHub repository, you have everything you need to restore Santa's original bag of toys!!
7272

@@ -76,4 +76,4 @@ With that, you have successfully recovered the original contents of Santa's Bag
7676

7777
- How many original files were present in Santa's Bag of Toys?
7878

79-
- `***`
79+
- `***`

Advent-of-Cyber-2021/Day-09-Where_Is_All_This_Data_Going/README.md

Lines changed: 7 additions & 7 deletions
@@ -2,28 +2,28 @@
22

33
- In the HTTP #1 - GET requests section, which directory is found on the web server?
44

5-
- `*****`
5+
- `*****`
66

77
- What is the username and password used in the login page in the HTTP #2 - POST section?
88

9-
- `*******************`
9+
- `*******************`
1010

1111
- What is the User-Agent's name that has been sent in HTTP #2 - POST section?
1212

13-
- `***************************************`
13+
- `***************************************`
1414

1515
- In the DNS section, there is a TXT DNS query. What is the flag in the message of that DNS query?
1616

17-
- `*******************************`
17+
- `*******************************`
1818

1919
- In the FTP section, what is the FTP login password?
2020

21-
- `**********`
21+
- `**********`
2222

2323
- In the FTP section, what is the FTP command used to upload the secret.txt file?
2424

25-
- `****`
25+
- `****`
2626

2727
- In the FTP section, what is the content of the secret.txt file?
2828

29-
- `*********`
29+
- `*********`

Advent-of-Cyber-2021/Day-10-Offensive_Is_The_Best_Defence/README.md

Lines changed: 9 additions & 9 deletions
@@ -2,36 +2,36 @@
22

33
- Help McSkidy and run nmap -sT MACHINE_IP. How many ports are open between 1 and 100?
44

5-
- `*`
5+
- `*`
66

77
- What is the smallest port number that is open?
88

9-
- `**`
9+
- `**`
1010

1111
- What is the service related to the highest port number you found in the first question?
1212

13-
- `****`
13+
- `****`
1414

1515
- Now run nmap -sS MACHINE_IP. Did you get the same results? (Y/N)
1616

17-
- `*`
17+
- `*`
1818

1919
- If you want Nmap to detect the version info of the services installed, you can use nmap -sV MACHINE_IP. What is the version number of the web server?
2020

21-
- `*****************`
21+
- `*****************`
2222

2323
- By checking the vulnerabilities related to the installed web server, you learn that there is a critical vulnerability that allows path traversal and remote code execution. Now you can tell McSkidy that Grinch Enterprises used this vulnerability. What is the CVE number of the vulnerability that was solved in version 2.4.51?
2424

25-
- `**************`
25+
- `**************`
2626

2727
- You are putting the pieces together and have a good idea of how your web server was exploited. McSkidy is suspicious that the attacker might have installed a backdoor. She asks you to check if there is some service listening on an uncommon port, i.e. outside the 1000 common ports that Nmap scans by default. She explains that adding -p1-65535 or -p- will scan all 65,535 TCP ports instead of only scanning the 1000 most common ports. What is the port number that appeared in the results now?
2828

29-
- `*****`
29+
- `*****`
3030

3131
- What is the name of the program listening on the newly discovered port?
3232

33-
- `*******`
33+
- `*******`
3434

3535
If you would like to learn more about the topics covered in today’s tasks, we recommend checking out the Network Security module.
3636

37-
No answer needed
37+
No answer needed
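
Review bot: The commands and options quoted in the questions on lines 3, 15, 19 and 27 ("nmap -sT MACHINE_IP", "nmap -sS MACHINE_IP", "nmap -sV MACHINE_IP", "-p1-65535", "-p-") are plain text, while the masked answers are in backticks. Put the commands in backticks as well, so the hyphens render literally and the flags can be copied without ambiguity. The 37-/37+ pair ("No answer needed") and the sentence on line 35 are also the only entries in this hunk not written as "- " list items.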
