SUJAY ADKESAR

Cyber Apocalypse CTF 2023

CTF, Resources

Hack The Box Cyber Apocalypse 2023 | The Cursed Mission




Forensic Challenge:  Rotten



Description:

The iMoS is responsible for collecting and analyzing targeting data across various galaxies. The data is collected through their webserver, which is accessible to authorized personnel only. However, the iMoS suspects that their webserver has been compromised, and they are unable to locate the source of the breach. They suspect that some kind of shell has been uploaded, but they are unable to find it. The iMoS have provided you with some network data to analyse, it's up to you to save us.



Download Files:

forensics_roten.zip


1️⃣ Open the challenge.pcap file with Wireshark

sudo wireshark challenge.pcap


2️⃣ Filter on http and then go to the bottom of the packet list




3️⃣ map-update.php has upload functionality, and the malicious PHP file is called galacticmap.php






4️⃣ Decode the malicious PHP code and print the output




Congratulations:



HTB{W0w_R0t_A_DaY}
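
Steps 2 and 3 can also be scripted for triage: the added example below (not part of the original writeup) parses raw HTTP requests and reports multipart uploads whose filename has a server-executable extension. It assumes the requests were already reassembled from the capture (for example saved from Wireshark's Follow HTTP Stream view); the sample requests, the `/map-update.php` path prefix, the host name and the extension list are constructed for illustration.

```python
import email

# Extensions a PHP-enabled web server may execute (an assumed list for this example).
SCRIPT_EXTS = (".php", ".phtml", ".phar", ".php5")

def uploaded_files(raw_request: bytes):
    """Return (path, filename, suspicious) for every file part in one raw HTTP request."""
    request_line, _, rest = raw_request.partition(b"\r\n")
    method, path = request_line.decode("latin-1").split(" ")[:2]
    if method != "POST":
        return []
    # HTTP headers plus a multipart/form-data body parse as a MIME message,
    # so the standard email parser can split the body on its boundary.
    msg = email.message_from_bytes(rest)
    if msg.get_content_type() != "multipart/form-data":
        return []
    found = []
    for part in msg.walk():
        name = part.get_filename()  # filename= parameter of Content-Disposition
        if name:
            found.append((path, name, name.lower().endswith(SCRIPT_EXTS)))
    return found

def build_upload(path: str, filename: str, content: bytes) -> bytes:
    """Construct a sample upload request (test data, not taken from challenge.pcap)."""
    b = b"----constructedboundary"
    body = (b"--" + b + b"\r\nContent-Disposition: form-data; name=\"file\"; filename=\""
            + filename.encode() + b"\"\r\nContent-Type: application/octet-stream\r\n\r\n"
            + content + b"\r\n--" + b + b"--\r\n")
    head = ("POST %s HTTP/1.1\r\nHost: example.invalid\r\n"
            "Content-Type: multipart/form-data; boundary=%s\r\nContent-Length: %d\r\n\r\n"
            % (path, b.decode(), len(body))).encode()
    return head + body

# Constructed samples: a plain GET, a benign image upload, and a PHP upload.
SAMPLES = [
    b"GET /index.php HTTP/1.1\r\nHost: example.invalid\r\n\r\n",
    build_upload("/map-update.php", "sector-map.png", b"PNG placeholder"),
    build_upload("/map-update.php", "galacticmap.php", b"<?php /* placeholder */ ?>"),
]

def suspicious_uploads(requests):
    """Keep only the uploads whose filename ends in a script extension."""
    return [hit for raw in requests for hit in uploaded_files(raw) if hit[2]]

if __name__ == "__main__":
    for path, name, _ in suspicious_uploads(SAMPLES):
        print(f"script upload via {path}: {name}")
```

The extension check is a triage heuristic only; a file part flagged here still has to be opened and read, as in step 4.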






  • Date:
    24.03.2023
  • Author:
    SUJAY ADKESAR
  • Category:
    Resources