HackTheBox: No Place To Hide

We found evidence of a password spray attack against the Domain Controller, and identified a suspicious RDP session. We'll provide you with our RDP logs and other files. Can you see what they were up to?

Information

Challenge: No Place To Hide

Category: Forensics

Difficulty: Easy

Files: ‘No Place To Hide.zip’ (2.7 MB)
– Cache0000.bin (18 MB)
– bcache24.bmc (0)

Environment: Remnux VM

My Recommendations

Download the archive from HackTheBox and verify it with:

sha256sum /path/to/'No Place To Hide.zip'

SHA256SUM: db0866a21a3135e977d466163505667e57dd01fd1a1ffd281aba59a4abf16332

Walkthrough

1. File Analysis

The file is an RDP bitmap cache (BMC) file. Luckily, a tool exists to parse it.

curl -O https://raw.githubusercontent.com/ANSSI-FR/bmc-tools/master/bmc-tools.py
mkdir output
python3 bmc-tools.py -s Cache0000.bin -d output -b

Then, we just need to find and open the biggest .bmp file in the output directory, which is Cache0000.bin_collage.bmp.

And here, we can see a portion of the flag!

Flag: HTB{w47ch_y0ur_c0Nn3C71}
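To see what bmc-tools is carving out of Cache0000.bin, here is an added example (not part of the original write-up and not bmc-tools' own code) that inventories the tiles in a .bin cache and reports a truncated tail. The layout is an assumption: an 8-byte `RDP8bmp\0` magic, a 4-byte version, then per tile a 12-byte header (two 32-bit key words, 16-bit width, 16-bit height) followed by 32-bit pixels. The names `parse_bin_cache` and `build_sample` are hypothetical.

```python
import struct

# Assumed layout of an RDP bitmap cache "Cache####.bin" container.
MAGIC = b"RDP8bmp\x00"             # assumed file magic
FILE_HDR_LEN = 12                  # magic + 4-byte version (assumed)
TILE_HDR = struct.Struct("<LLHH")  # key1, key2, width, height (assumed)


def parse_bin_cache(data):
    """Return (tiles, leftover). tiles is a list of dicts describing each
    complete tile; leftover counts trailing bytes that form no full tile."""
    if len(data) < FILE_HDR_LEN or not data.startswith(MAGIC):
        raise ValueError("not an RDP8bmp .bin cache (empty or wrong magic)")
    tiles, off = [], FILE_HDR_LEN
    while off + TILE_HDR.size <= len(data):
        _k1, _k2, width, height = TILE_HDR.unpack_from(data, off)
        size = 4 * width * height              # 32 bits per pixel
        start = off + TILE_HDR.size
        if size == 0 or start + size > len(data):
            break                              # truncated or corrupt tail
        tiles.append({
            "offset": off,                     # where the tile header sits
            "key": data[off:off + 8].hex(),    # raw 8-byte cache key
            "width": width,
            "height": height,
            "pixels": data[start:start + size],
        })
        off = start + size
    return tiles, len(data) - off


def build_sample():
    """Constructed sample: two full tiles, then a third cut off at 100 bytes."""
    def tile(key, w, h, fill):
        return TILE_HDR.pack(key, 0, w, h) + bytes([fill]) * (4 * w * h)
    header = MAGIC + struct.pack("<L", 6)      # version value is made up
    return (header + tile(1, 64, 64, 0x11) + tile(2, 64, 32, 0x22)
            + tile(3, 64, 64, 0x33)[:100])


if __name__ == "__main__":
    tiles, leftover = parse_bin_cache(build_sample())
    for t in tiles:
        print(f"{t['offset']:#08x} key={t['key']} {t['width']}x{t['height']}")
    print(f"{len(tiles)} tiles, {leftover} trailing bytes not parsed")
```

A zero-length file such as the bcache24.bmc in this archive is rejected up front with a `ValueError`, so only Cache0000.bin has tiles to recover.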
