An Unusual Sighting
(Very Easy Forensics Challenge)

OVERVIEW

Start the instance and download the given files. We were given two files: sshd and bash_history.
First, let's see what is in the instance.

We are asked a question:
Ques 1) What is the IP Address and Port of the SSH Server (IP:PORT) ?
Let's search for it in the sshd file.

There we go: the IP and port are given in the logs, which is 100.107.36.130:2221
Now the second question is asked:
Ques 2) What time is the first successful Login ?
Again, let's look at the sshd logs.

And we found it, which is 2024-02-13 11:29:50
The next question is:
Ques 3) What is the time of the unusual Login ?
Remember that the challenge description gave us a specific operational time window.

So let's search for logins that fall before or after this operational time.

Yep, we found it, which is 2024-02-19 04:00:14
Now the next question:
Ques 4) What is the Fingerprint of the attacker's public key ?
Let's search the sshd logs around the attacker's time slot.

And here we go, we got the fingerprint, which is OPkBSs6okUKraq8pYo4XwwBg55QSo210F09FCe1-yj4
Move on to the next question:
Ques 5) What is the first command the attacker executed after logging in ?
To find it, we now search the attacker's time slot in the bash_history file.

And we found the command, which is whoami
Now the next question:
Ques 6) What is the final command the attacker executed before logging out ?
As in the previous question, let's search the bash_history file.

And it is ./setup
Submitting all these answers one by one in the shell gives you the flag.
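As an added example (not part of the original writeup or the challenge files), the six lookups above as one script over constructed sshd and bash_history lines: the line layout, client IPs, fingerprint values and the 09:00-18:00 operating window are assumptions, since the real ones come from the challenge files and description.

```python
import re
from datetime import datetime, time

# Constructed sample data (not the challenge files); layout mimics timestamped sshd / bash_history lines.
SSHD_LOG = """\
[2024-02-13 11:29:50] Connection from 192.0.2.10 port 47721 on 100.107.36.130 port 2221
[2024-02-13 11:29:50] Accepted publickey for root from 192.0.2.10 port 47721 ssh2: RSA SHA256:CONSTRUCTED_OPERATOR_KEY
[2024-02-19 04:00:14] Connection from 198.51.100.7 port 37672 on 100.107.36.130 port 2221
[2024-02-19 04:00:14] Accepted publickey for root from 198.51.100.7 port 37672 ssh2: ED25519 SHA256:CONSTRUCTED_ATTACKER_KEY
[2024-02-20 10:05:41] Accepted publickey for root from 192.0.2.10 port 48102 ssh2: RSA SHA256:CONSTRUCTED_OPERATOR_KEY
"""
BASH_HISTORY = """\
[2024-02-13 11:30:02] ls -la
[2024-02-19 04:00:18] whoami
[2024-02-19 04:01:03] cat /etc/passwd
[2024-02-19 04:03:40] ./setup
[2024-02-20 10:06:00] uptime
"""
# Assumed operating window; the challenge description supplies the real one.
WORK_START, WORK_END = time(9, 0), time(18, 0)
LINE = re.compile(r"^\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] (.*)$")
ACCEPT = re.compile(r"Accepted \w+ for (\S+) from (\S+) port \d+ ssh2(?:: \S+ (SHA256:\S+))?")
CONN = re.compile(r"Connection from \S+ port \d+ on (\S+) port (\d+)")

def parse(text):
    """Yield (datetime, message) for every timestamped line."""
    for m in filter(None, map(LINE.match, text.splitlines())):
        yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)

def server_endpoint(log):
    """IP:PORT the server listens on, taken from the first Connection line (Ques 1)."""
    return next(f"{m.group(1)}:{m.group(2)}" for _, msg in parse(log) if (m := CONN.search(msg)))

def accepted_logins(log):
    """(timestamp, user, client_ip, fingerprint) per successful authentication (Ques 2 and 4)."""
    return [(ts, m.group(1), m.group(2), m.group(3))
            for ts, msg in parse(log) if (m := ACCEPT.search(msg))]

def off_hours_logins(logins):
    """Successful logins whose time of day falls outside the operating window (Ques 3)."""
    return [l for l in logins if not WORK_START <= l[0].time() <= WORK_END]

def session_commands(history, start, end=None):
    """Commands recorded between start and the next login, end exclusive (Ques 5 and 6)."""
    return [cmd for ts, cmd in parse(history) if ts >= start and (end is None or ts < end)]
```

The session boundary is approximated by the next successful login; a logout line, if the logs carry one, is the tighter cut-off.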

WE FINALLY DID IT !!!! CHALLENGE SOLVED !!

For Any Query Or Problem Either Leave A Comment Or Contact At reapsec.com
THANKS FOR READING !!!