TryHackMe Writeup: Recovery CTF

In this article, I will be demonstrating my approach to completing the Recovery Capture The Flag (CTF), a free room available on the TryHackMe platform created by _deltatemporal_. I have provided a link to the TryHackMe platform in the references below for anyone interested in trying out this CTF.


Disclaimer

I like to add a brief disclaimer before a writeup to encourage people to attempt the room before reading this article, since there will obviously be spoilers in this writeup. I believe you will enjoy the CTF more if you attempt it yourself first and then come back to this writeup if you get stuck or need a hint!

This is not your conventional CTF and so I found myself finding some flags before others. This will be reflected in my writeup, so just search for the flag you are stuck on if you don’t want any spoilers for other flags. Without any further delay, let’s dive in!


CTF Background — Help Alex!

The following background is provided for the CTF and I have highlighted some important pieces of information in the description provided. Always read the challenge description carefully!!! (foreshadowing 😅)

Hi, it’s me, your friend Alex.

I’m not going to beat around the bush here; I need your help. As you know I work at a company called Recoverysoft. I work on the website side of things, and I set up an Ubuntu web server to run it. Yesterday one of my work colleagues sent me the following email:

_Hi Alex,_

_A recent security vulnerability has been discovered that affects the web server. Could you please run this binary on the server to implement the fix?_

_Regards_

_- Teo_

Attached was a **linux binary called fixutil**. As instructed, I ran the binary, and all was good. But this morning, I tried to log into the server via SSH and I received this message:

YOU DIDN’T SAY THE MAGIC WORD!

YOU DIDN’T SAY THE MAGIC WORD!

YOU DIDN’T SAY THE MAGIC WORD!

It turns out that Teo got his mail account hacked, and fixutil was a targeted malware binary specifically built to destroy my webserver!

When I opened the website in my browser I get some crazy nonsense. The **webserver files had been encrypted**! Before you ask, I don’t have any other backups of the webserver (I know, I know, horrible practice, etc…), I don’t want to tell my boss, he’ll fire me for sure.

Please access the web server and **repair all the damage caused by fixutil. You can find the binary in my home directory**. Here are my ssh credentials:

_Username: alex_

_Password: madeline_

I have set up a control panel to track your progress on port 1337. Access it via your web browser. As you repair the damage, you can refresh the page to receive those “flags” I know you love hoarding.
