Echo Trail – OffSec Proving Grounds Practice Machine | Cyber Security Penetration Testing Lab

Dive into the Echo Trail practice machine from OffSec Proving Grounds — a hands-on cyber security lab focused on penetration testing, vulnerability exploitation, privilege escalation and real-world red-team exercise.

PROVING GROUNDSOFFENSIVE SECURITYMETHODOLOGYPEN-200PENETRATION TESTEROFFSECCTFPENETRATION TESTINGSECURITYNETWORK DISCOVERYNETWORKINGCYBERSECURITY CHALLENGESCYBERSECURITY LABSACTIVE DIRECTORYOSCPADVERSARY TECHNIQUESOFFSEC WALKTHROUGHVULNERABILITIESPROVING GROUNDS PRACTICEHANDS ON SECURITY LABSCREDENTIAL ACCESSPRIVILEGE ESCALATION

Jawstar

11/15/20251 min read

Which file was attached to the phishing email that started the compromise?

ngo_update.png

What was the entire URL associated with the phishing page?

http://login.mcrosoft.com/login.html

What is likely the PHP attacker file name responsible for intercepting the credentials?

login.php

What is the valid Azure's password obtained through phishing?

Jopa373424

What hostname did the attacker present in EHLO?

attacker01

What failure specific message is provided in Azure when MFA is not succeeding?

Authentication failed during strong authentication request.

At what specific timestamp the attacker succeeded in logging in with the victim account? Format the answer as HH:MM:SS

08:15:49

Which Azure CLI subcommand initiated the server connection from Cloud Shell?

az ssh arc --subscription 65f29041-a905-45dd-aebd-6fbf877ed89e \

From which table were records extracted?

donorrecords

Which process image shows execution of the mysqldump.exe utility?

C:\Program Files\MariaDB 12.0\bin\mysqldump.exe

Connect

Secure your future with expert cybersecurity solutions

Support

Quick Links

contact@jawstarsec.in

Echo Trail – OffSec Proving Grounds Practice Machine | Cyber Security Penetration Testing Lab

Which file was attached to the phishing email that started the compromise?

ngo_update.png

What was the entire URL associated with the phishing page?

http://login.mcrosoft.com/login.html

What is likely the PHP attacker file name responsible for intercepting the credentials?

login.php

What is the valid Azure's password obtained through phishing?

Jopa373424

What hostname did the attacker present in EHLO?

attacker01

What failure specific message is provided in Azure when MFA is not succeeding?

Authentication failed during strong authentication request.

At what specific timestamp the attacker succeeded in logging in with the victim account? Format the answer as HH:MM:SS

08:15:49

Which Azure CLI subcommand initiated the server connection from Cloud Shell?

az ssh arc --subscription 65f29041-a905-45dd-aebd-6fbf877ed89e \

From which table were records extracted?

donorrecords

Which process image shows execution of the mysqldump.exe utility?

C:\Program Files\MariaDB 12.0\bin\mysqldump.exe

Connect

Quick Links

Services

Blog

Contact Us

Homepage