Home CTFs | HeroCTF_2024 | Forensique | Tenant trouble
Post
Cancel

CTFs | HeroCTF_2024 | Forensique | Tenant trouble

Tenant trouble

image

In this chall, we are given a .csv file that looks like this:

image

We can use the following bash command to list the number of connection of each user:

image

As we can see, the user mister.bennet@winchester77.onmicrosoft.com has much more connection than any other user. We can guess that this is the target of the attack. We can now grep this email in the.csv and see when we see a lot of UserLoginFailed:

image

With all this information, we can now create the flag Hero{2024-05-02;mister.bennet@winchester77.onmicrosoft.com}

This post is licensed under CC BY 4.0 by the author.