The Advent of Cyber: Day 8: Shellcodes - Shellcodes of the world, unite! (TryHackMe)

In this article, we’ll walk through Shellcodes - Shellcodes of the world, unite!, the Day 8 challenge of the Advent of Cyber event. It was interesting to grasp the fundamentals of writing shellcode for reverse shells and executing it with PowerShell. We’re still at Wareville for SOC-mas!

Let's dive into the story and troubleshoot the issue in this part of the task. Glitch has realized he's no longer receiving incoming connections from his home base. Mayor Malware's minion team seems to have tampered with the shellcode and updated both the IP and port, preventing Glitch from connecting. The correct IP address for Glitch is ATTACKBOX_IP, and the successful connection port should be 4444.

Can you help Glitch identify and update the shellcode with the correct IP and port to restore the connection and reclaim control?

Answer the questions below

  1. What is the flag value once Glitch gets reverse shell on the digital vault using port 4444? Note: The flag may take around a minute to appear in the C:\Users\glitch\Desktop directory. You can view the content of the flag by using the command type C:\Users\glitch\Desktop\flag.txt.

    AOC{GOT MYACCESS_B@CK007}

  2. Are you interested in learning more about evasion? Take a look at the AV Evasion: Shellcode room.

Thank you for reading this article. Please leave a comment with your thoughts, areas for improvement, other suggestions, and questions. Stay secure until the next one!

Support Sharon Jebitok by becoming a sponsor. Any amount is appreciated!