title

Barbhack 2023 - RIP My PXE - Forensic | Itarow

charset

utf-8

X-UA-Compatible

IE=edge

description

Some write up of cool CTF's challenges and infosec content

viewport

width=device-width, initial-scale=1

og:title

Barbhack 2023 - RIP My PXE - Forensic

og:description

Here is the solution of the challenge “RIP My PXE” which I create for barbhack CTF, the challenge is divided in three parts. Step 1 Unfortunately! Our company’s PXE server and our super autoinstall were compromised and our new employees installed their PCs afterwards … Here’s the dump of one of the machines we think has been compromised, please help us understand what the attacker has done. A first backdoor has been inserted so that the attacker can retrieve a shell, please find the domain, the port of the attacker’s C2, as well as the binary that triggers the backdoor.

og:type

article

og:url

https://blog.itarow.xyz/posts/rip_my_pxe/

twitter:card

summary

twitter:title

Barbhack 2023 - RIP My PXE - Forensic

twitter:description

Here is the solution of the challenge “RIP My PXE” which I create for barbhack CTF, the challenge is divided in three parts. Step 1 Unfortunately! Our company’s PXE server and our super autoinstall were compromised and our new employees installed their PCs afterwards … Here’s the dump of one of the machines we think has been compromised, please help us understand what the attacker has done. A first backdoor has been inserted so that the attacker can retrieve a shell, please find the domain, the port of the attacker’s C2, as well as the binary that triggers the backdoor.

canonical

https://blog.itarow.xyz/posts/rip_my_pxe/

icon

https://blog.itarow.xyz/images/favicon.ico

preload

/lib/font-awesome/webfonts/fa-brands-400.woff2

preload

/lib/font-awesome/webfonts/fa-regular-400.woff2

preload

/lib/font-awesome/webfonts/fa-solid-900.woff2