TryHackMe: Advent Of Cyber 2023 - Day 12

With the chaos of the recent merger, the company’s security landscape has turned into the Wild West. Servers and endpoints, once considered fortresses, now resemble neglected outposts on the frontier, vulnerable to any attacker.

As McHoneyBell sifts through the reports, a sense of urgency gnaws at her. “This is a ticking time bomb,” she mutters to herself. It’s clear they need a strategy, and fast.

Determined, McHoneyBell rises from her chair, her mind racing with possibilities. “Time to suit up, team. We’re going deep!” she declares, her tone a blend of resolve and excitement. “Defence in Depth isn’t just a strategy; it’s our lifeline. We’re going to fortify every layer, from the physical servers in the basement to the cloud floating above us. Every byte, every bit.”

In this task, we will be hopping into McHoneyBell’s shoes and exploring how the defence in depth strategy can help strengthen the environment’s overall security posture.

Questions

What is the default port for Jenkins?

• 8080

What is the password of the user tracy?

• 13_1n_33

What’s the root flag?

• ezRo0tW1thoutDiD

What is the error message when you login as tracy again and try sudo -l after its removal from the sudoers group?

• Sorry, user tracy may not run sudo on jenkins.

What’s the SSH flag?

• Ne3d2SecureTh1sSecureSh31l

What’s the Jenkins flag?

• FullTrust_has_n0_Place1nS3cur1ty

If you enjoyed this room, please check out our SOC Level 1 learning path.

• No answer needed