Intro

We were challenged to complete this mini CTF about a coin-stealer and phishing kit. It wasn't as exciting as tracking coin transactions, but forensic and coding skills are all that are required to defeat this mini-challenge.

GrabThePhisher CTF

Walkthrough

1) Which wallet is used for asking the seed phrase?

Hint:

  • Find the source

Answer

metamask

2) What is the file name that has the code for the phishing kit?

Answer

metamask.php

3) In which language was the kit written?

Answer

php

4) What service does the kit use to retrieve the victim’s machine information?

Hint:

  • first few lines
  • the api source can be found on github

Answer

sypex geo

5) How many seed phrases were already collected?

Hint:

  • locate a log file

Answer

3

6) Write down the seed phrase of the most recent phishing incident?

Answer

father also recycle embody balance concert mechanic believe owner pair muffin hockey

7) Which medium had been used for credential dumping?

Answer

telegram

8) What is the token for the channel?

Answer

5457463144:AAG8t4k7e2ew3tTi0IBShcWbSia0Irvxm10

9) What is the chat ID of the phisher’s channel?

Answer

5442785564
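
Questions 7 to 9 come down to finding the Telegram exfiltration details in the kit source, which a defender triaging a recovered kit can automate. The script below is an added example, not code from the challenge or the kit; the file names, token and chat ID in `SAMPLE` are constructed, and the token pattern assumes the usual `<bot id>:<35 characters>` shape.

```python
import re

# Assumed token shape: <8-10 digit bot id>:<35 URL-safe characters>.
TOKEN_RE = re.compile(r"(?<![\w-])(\d{8,10}:[A-Za-z0-9_-]{35})(?![\w-])")
# chat_id given a literal numeric value (PHP variable, array key or URL parameter).
CHAT_ID_RE = re.compile(r"chat_?id['\"\]\s]*(?:=>|=|:)\s*['\"]?(-?\d{5,})", re.I)
# Any reference to the Telegram Bot API endpoint.
API_RE = re.compile(r"api\.telegram\.org/bot", re.I)


def triage(files):
    """files maps path -> source text; returns sorted indicators per kind."""
    found = {"telegram_api": set(), "bot_token": set(), "chat_id": set()}
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            if API_RE.search(line):
                # Record where the exfiltration call lives for the report.
                found["telegram_api"].add(f"{path}:{lineno}")
            found["bot_token"].update(TOKEN_RE.findall(line))
            found["chat_id"].update(CHAT_ID_RE.findall(line))
    return {kind: sorted(values) for kind, values in found.items()}


# Constructed sample input, not the kit from the challenge.
FAKE_TOKEN = "1234567890:AA" + "x" * 33  # constructed, not a real token
SAMPLE = {
    "kit/wallet.php": (
        "<?php\n"
        "$token = \"" + FAKE_TOKEN + "\";\n"
        "$chat_id = \"9876543210\";\n"
        "$url = \"https://api.telegram.org/bot\".$token"
        ".\"/sendMessage?chat_id=\".$chat_id;\n"
    ),
    "kit/index.html": "<html><body>no indicators here</body></html>\n",
}

if __name__ == "__main__":
    for kind, values in triage(SAMPLE).items():
        print(kind, values)
```

The extracted token and chat ID are the indicators to include in an abuse report to the messaging provider and to search for in proxy or DNS logs.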

10) What are the allies of the phish kit developer?

Answer

j1j1b1s@m3r0

11) What is the full name of the Phish Actor?

Hint:

Answer

Marcus Aurelius

12) What is the username of the Phish Actor?

Answer

pumpkinboii
