Description
In June 2023, an operator of vital importance fell victim to an attack that compromised its entire information system. You have received the Linux and Windows logs and must answer the investigators’ questions.
This challenge is part of a series. The parts are numbered in the chronological order of the attack, but it is not necessary to solve them in order:
- SOCrate 1/6 - Technologie
- SOCrate 2/6 - Reverse shell
- SOCrate 3/6 - Outil téléchargé
- SOCrate 4/6 - Latéralisation
- SOCrate 5/6 - Vol de clés
- SOCrate 6/6 - Outil utilisé
The attacker wanted to retrieve a sensitive file from a machine, but did not have sufficient rights. He gave himself the permissions and then downloaded the file. Find the FQDN of the target machine and the path to this file. Also find the source IP address from which the attacker was operating to connect to the target machine.
Flag format (case insensitive): FCSC{FQDN_VICTIME|CHEMIN_ABSOLU|IP_SOURCE}
Example: FCSC{laptop-1337.gouv.lan|C:\Users\Public\secret.pdf|10.42.43.44}
Files
- socrate.tar.xz (237.27 MiB – f2ac337b372fba041ecccb20d18cf00401ab428457a68460bdfef4090e2b2313)