So I am currently struggling with a cyber security lab, and after searching various online sources and reading documentation I can't find a solution. The 2 tasks are as follows:

  1. "The attacker has deployed the Mimikatz tool to attempt to capture plaintext passwords. What is the filename of the Mimikatz executable on disk?"
  2. "The attacker has deployed a keylogger and has captured credentials for the webmail system for user Alan Jones (Alan Jones). What is the full path of the log file on disk?"

I am not quite sure how to find the tool; I think I could use regedt32 or PowerShell from what I have read.

Does anyone have experience in dealing with this, or a suggestion on how to find a specific file? (It's not called mimikatz, don't worry, I already checked.)

Thanks in advance.

  • "The attacker has deployed a keylogger...What is the full path of the log file on disk" There are too many different keyloggers to be able to answer this question. For the first question it should be easy to download the tool and extract it to see what the filename is. – user Nov 14 '19 at 13:59
  • @user the keylogger is called mimikatz as mentioned in question 1 – Ismaeel Ali Nov 14 '19 at 15:14
  • mimikatz is not a keylogger – schroeder Nov 14 '19 at 15:38
  • The entire point of the exercise is to figure out *how* to get these answers. Not to look up standard answers online. We can't help you without also being able to investigate the machine. – schroeder Nov 14 '19 at 15:41
  • @schroeder♦ wanna come over to see the machine then? I got pizza – Ismaeel Ali Nov 14 '19 at 19:43
