HackTheBox An unusual sighting Writeup

Explore the basics of cybersecurity in the "An unusual sighting" Challenge on Hack The Box. This very-easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

What is the IP Address and Port of the SSH Server (IP:PORT)?

100.107.36.130:2221
This is confirmed from the SSH logs:
Connection from 101.111.18.92 port 44711 on 100.107.36.130 port 2221.

What time is the first successful Login?

2024-02-13 11:29:50

What is the time of the unusual Login?

2024-02-19 04:00:14
The login at 04:00 AM is suspicious, as Korp’s operating hours are from 09:00 to 19:00.

What is the Fingerprint of the attacker’s public key?

OPkBSs6okUKraq8pYo4XwwBg55QSo210F09FCe1-yj4
This fingerprint is found in the logs as:
ECDSA SHA256:OPkBSs6okUKraq8pYo4XwwBg55QSo210F09FCe1-yj4.
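
The login checks above can be scripted. The following is an added example, not part of the original writeup or the challenge files: it parses sshd "Accepted" lines, reports the first successful login, and flags logins outside the 09:00 to 19:00 operating hours together with the key fingerprint. The log lines are constructed; the bracketed timestamp prefix on sshd lines, the user names and the source addresses are assumptions.

```python
import re
from datetime import datetime, time

# Constructed sample in the "[timestamp] message" layout quoted in the writeup.
# User names and source addresses are placeholders (documentation ranges).
SAMPLE_LOG = """\
[2024-02-13 11:29:50] Connection from 192.0.2.10 port 63172 on 100.107.36.130 port 2221
[2024-02-13 11:29:50] Accepted password for user-a from 192.0.2.10 port 63172 ssh2
[2024-02-16 10:26:47] Failed password for user-b from 192.0.2.11 port 58212 ssh2
[2024-02-19 04:00:14] Connection from 198.51.100.7 port 60071 on 100.107.36.130 port 2221
[2024-02-19 04:00:14] Accepted publickey for user-c from 198.51.100.7 port 60071 ssh2: ECDSA SHA256:OPkBSs6okUKraq8pYo4XwwBg55QSo210F09FCe1-yj4
[2024-02-20 18:59:41] Accepted password for user-a from 192.0.2.10 port 51000 ssh2
"""

# OpenSSH "Accepted <method> for <user> from <ip> port <n> ssh2[: <type> SHA256:<fp>]"
ACCEPTED = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] "
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+) port \d+ ssh2"
    r"(?:: (?P<keytype>\S+) SHA256:(?P<fp>\S+))?"
)

def successful_logins(log_text):
    """Return one dict per successful login line, oldest first."""
    logins = []
    for line in log_text.splitlines():
        m = ACCEPTED.match(line)
        if m:
            rec = m.groupdict()  # fp/keytype are None for password logins
            rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
            logins.append(rec)
    return sorted(logins, key=lambda r: r["ts"])

def off_hours(logins, start=time(9, 0), end=time(19, 0)):
    """Return logins whose time of day falls outside start..end (inclusive)."""
    return [r for r in logins if not (start <= r["ts"].time() <= end)]

if __name__ == "__main__":
    logins = successful_logins(SAMPLE_LOG)
    print("first successful login:", logins[0]["ts"])
    for r in off_hours(logins):
        print("off-hours:", r["ts"], r["user"], r["src"], r["method"], r["fp"])
```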

What is the first command the attacker executed after logging in?

whoami
This is recorded in the bash history:
[2024-02-19 04:00:18] whoami.

What is the final command the attacker executed before logging out?

./setup
This is found in the bash history:
[2024-02-19 04:14:02] ./setup.

This post is licensed under CC BY 4.0 by the author.