Académie de l'investigation - Porte dérobée

Description

A remote machine is connected to the machine under analysis through a backdoor, with the ability to run arbitrary commands.

Questions:

What is the port number listenning for this connexion?
What is the remote IP address connected during the dump?
What is the timestamp of the creation of the processus in UTC?

Note : The flag follows the format: FCSC{port:IP:YYYY-MM-DD HH:MM:SS}.

This challenge has been split into seven parts:

Académie de l’investigation - C’est la rentrée.
Académie de l’investigation - Administration.
Académie de l’investigation - Premiers artéfacts.
Académie de l’investigation - Porte dérobée.
Académie de l’investigation - Rédaction.
Académie de l’investigation - Partage.
Académie de l’investigation - Dans les nuages.

Files

dmp.mem.tar.xz
155.40 MiB – a6b98f7b21cdc81ed319ff158bf4e56d885546fd1f98e860ef622066b0951fff

Author

alx

Flag

You don't have JavaScript actived. No problem! You can check your flag like this: echo -n 'PUT_THE_FLAG_HERE' | sha256sum # possible output: 2cf2ca9371cddfd9af7fa8aeaaf809fe41613355051318fecca663c300ccf15b

Writeups

I've been looking for a long time and I still can't find the flag!

You can vote for the solutions you prefer by using the on their respective pages.

Date	Author	Language	Tags	Vote
2024-05-04	lrstx	🇫🇷