CTFs | HeroCTF_2024 | Forensique | Tenant trouble

Posted Oct 26, 2024 Updated Oct 27, 2024

By Bat

1 min read

Tenant trouble

In this chall, we are given a .csv file that looks like this:

We can use the following bash command to list the number of connection of each user:

As we can see, the user mister.bennet@winchester77.onmicrosoft.com has much more connection than any other user. We can guess that this is the target of the attack. We can now grep this email in the.csv and see when we see a lot of UserLoginFailed:

With all this information, we can now create the flag Hero{2024-05-02;mister.bennet@winchester77.onmicrosoft.com}

CTFs, HeroCTF_2024, Forensique

Forensique Forensic

This post is licensed under CC BY 4.0 by the author.

CTFs | HeroCTF_2024 | Forensique | Tenant trouble

Tenant trouble

Further Reading

CTFs | HeroCTF_2024 | Forensique | Transformers

CTFs | HeroCTF_2024 | Forensique | LazySysAdmin2

CTFs | 404CTF_2024 | Investigation Numerique | Du poison