mirror of
https://github.com/dirtbags/moth.git
synced 2025-01-07 12:30:47 -07:00
Neale Pickett
89ebd469d7
Also, modularize the build. This is now a single project for all CTF packages.
13 lines
596 B
HTML
Executable file
13 lines
596 B
HTML
Executable file
|
|
You have suspicions that a certain windows box has been infected by a Trojan. You have been given access to a memory image from this box.<A href="http://10.1.1.2/10/xp-laptop-2005-06-25.img">xp-laptop-2005-06-25.img</A> Use the memory image to determine if the machine has been infected.
|
|
</BR>
|
|
In order to answer the questions:
|
|
</BR>
|
|
- Determine if the machine has been infected.
|
|
</BR>
|
|
- If it has not been infected, list "no" as your answer.
|
|
</BR>
|
|
- If it has been infected, list the process name of the Trojan
|
|
</BR>
|
|
HINT: You know from googling that the Trojan uses the passWD.log file.
|
|
|