Challenger RedTrails

I found two of the three parts of the Flag, one of which was obfuscated in malware and the other in plain text. During the analysis, I noticed an excerpt that evidenced the attacker’s exploitation by “dump” user accounts from the Redis database, which can be easily found in Wireshark. Despite this, I still haven’t been able to locate the last part. Could someone give me some help?

5 Likes

I try by recovering the hash passwords
and try to see with the codes in the usernames
for now valid key
there are 10 valid hashes with hashcat
for the third part of the flag
part1: 3
part2: c
these are my suggestions for part three
if you have any suggestions
it would be very appreciated

It’s all enumeration and digging. You should notice some encoded text and a suspicious module. See if you’re able to reverse your current thought process and analyze that module somehow.

I’m in the same page, I tried for almost a day, 2/3 completed. Tried to get the last flag with hashcat but nothing works, maybe we are missing something… anyone can help us? I will really appreciated it.

I’m the same have 2/3. Does the last one have the do with the bulk string responses? Because I can’t find anyway to deserialize the Redis bulk strings.

Do you mean the encoded script? Downloaded with wget?

(post deleted by author)

any hints for the third flag?