ECW - At your service

Posted on ven. 22 novembre 2019 in CTF 

At your service (150 points + ???)

Our internal IT team has developed an innovative tool to assist users in their daily tasks.

This tool has been deployed on some Windows workstations last months, but we strongly suspect that attackers have used it to gain administrator privileges on these machines.

The service is installed on a Windows workstation on the Administrative Center LAN with the IP address 10.0.40.10. You can connect with RDP to this machine using the following credentials: user / user.

On se connecte en rdp sur le serveur avec les identifiants fournis. La description indique que c'est un service que nous cherchons. Nous pouvons donc ouvrirs la console des services :

services.msc

On voit alors un service appelé Alfred (merci Batman :p) avec une belle desciption :

alfred.png

On a donc le premier flag de l'épreuve et les 25 points associés :).

hack learn ctf forensic writeup ecw windows service