Security Blog, Rants, Raves, Write-ups, and Code
Intel
| Name: | Peel Back The Layers |
|---|---|
| Hint: | It seems a huge trove of credit card details is being sold by a group going by the name flinchsec. Can you find any sites or artefacts associated with this group that we can use to detect them? |
| Base Points: | Easy - Retired [0] |
| Rated Difficulty: |  |
|
HTB-Bot  |
| Creator: | fallamos  |
There is no download on this one but check the hint:
Hint: It seems a huge trove of credit card details is being sold by a group going by the name flinchsec. Can you find any sites or artefacts associated with this group that we can use to detect them?`
We first need to search for flinchsec. The very first result is a LinkedIN profile for Ractor Burton in the UK:
Clicking the Contact Info link will pop up a window with a website link of:
But when we click that link, we get a "Page not found" error.
If we check the Wayback Machine (internet Archive) and go back to the Oct 2020 snapshot, we can see the old website.
Follow that github link and dig through it. In Tags we find a v01 tag. Clicking it, we see an exe, a zip, and a tarball. If we download the exe, we can attempt to reverse engineer it. Once I download it, my AV goes ballistic. So instead, sandbox the file and upload it into VirusTotal.
Sure enough, it's a Trojan. Go to the Details tab, and you'll see the flag under the Names section.
HTB{051N7_F0R_M3}.exe
©2020 Phoenix Computing Solutions | Powered by Coffee, Sarcasm, and Insanity
Everything included in the site is the intellectual property of Chris Ruggieri (Neocount Phoenix) and Phoenix Computing Solutions.
This information should not be construed as legal advice. The owner can not be held liable for anything another entity does with this information.
This information is solely the opinions and experiences of myself (Chris Ruggieri) and should not be construed as endorsement of any product, service, or of illegal activity
(GET WRITTEN PERMISSION PEOPLE!!)
Any links I provide as a convenience and for informational purposes only; they do not constitute an endorsement or an approval by the owner of this site for any of the products, services or opinions of the corporation or organization or individual.
Contact the external sites for answers to questions regarding its content.
This Includes any links posted by Chris Ruggieri in any other websites, Social Media networks, Online Groups and Online sharing Websites.