Bruteforce
Question 1) How many Audit Failure events are there? (Format: Count of Events) (3 points)
For the first question, we just need to search for Audit Failure to get the answer ~
You can also open it with Mousepad and search, for ease
3103
Question 2) What is the username of the local account that is being targeted? (Format: Username) (2 points)
Because I switched from a Windows O.S to a Kali O.S, I may not be familiar with it, and… I struggled for a while to look at the .evtx file .-.
But… it’s so hard to see, my eyes TT
evtx_dump.py BTLO_Bruteforce_Challenge.evtx
administrator
Question 3) What is the failure reason related to the Audit Failure logs? (Format: String) (3 points)
It’s pretty easy~
Unknown user name or bad password
Question 4) What is the Windows Event ID associated with these logon failures? (Format: ID) (3 points)
So… you can see it when you look at it
4625
Question 5) What is the source IP conducting this attack? (Format: X.X.X.X) (3 points)
Hmmm…
113.161.192.227
Question 6) What country is this IP address associated with? (Format: Country) (3 points)
ehhhh… located in my country ah =)))
Vietnam
Question 7) What is the range of source ports that were used by the attacker to make these login requests? (LowestPort-HighestPort - Ex: 100-541) (3 points)
I roughed this question by searching Source Port and finding it was quite easy because it runs in order :))
let’s try it
49162–65534
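An added example, not part of the original write-up: instead of reading the evtx_dump.py output by eye, the XML it prints can be summarised in one pass to answer questions 2 to 7 (target account, failure reason, source IP, port range). The sample events, the documentation-range IP addresses and the helper names `_event` and `summarize_failures` are constructed for illustration; the `Data` field names are the ones Windows records on Event ID 4625.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

XMLNS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": XMLNS}
# %%2313 is the message code Windows stores in FailureReason for this text.
REASONS = {"%%2313": "Unknown user name or bad password"}

def _event(eid, user, ip, port):
    """Build one constructed record in the shape evtx_dump.py prints."""
    return (f'<Event xmlns="{XMLNS}"><System><EventID>{eid}</EventID></System>'
            f'<EventData><Data Name="TargetUserName">{user}</Data>'
            f'<Data Name="FailureReason">%%2313</Data>'
            f'<Data Name="IpAddress">{ip}</Data>'
            f'<Data Name="IpPort">{port}</Data></EventData></Event>')

# Constructed sample, not the challenge log.
SAMPLE = '<?xml version="1.0" ?><Events>' + "".join([
    _event(4625, "administrator", "203.0.113.10", 50001),
    _event(4625, "administrator", "203.0.113.10", 50002),
    _event(4624, "alice", "198.51.100.7", 51000),  # successful logon, skipped
    _event(4625, "administrator", "203.0.113.10", 50003),
    _event(4625, "guest", "-", "-"),               # local failure, no IP or port
]) + "</Events>"

def summarize_failures(xml_text):
    """Summarise Event ID 4625 (failed logon) records from evtx_dump.py XML."""
    xml_text = re.sub(r"<\?xml[^>]*\?>", "", xml_text)  # drop the declaration
    users, ips, reasons, ports = Counter(), Counter(), Counter(), {}
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4625":
            continue
        data = {d.get("Name"): (d.text or "")
                for d in ev.iterfind("e:EventData/e:Data", NS)}
        ip, code = data.get("IpAddress", ""), data.get("FailureReason", "")
        users[data.get("TargetUserName", "")] += 1
        ips[ip] += 1
        reasons[REASONS.get(code, code)] += 1
        if data.get("IpPort", "").isdigit():  # "-" means no network source
            ports.setdefault(ip, []).append(int(data["IpPort"]))
    top_ip = ips.most_common(1)[0][0] if ips else None
    seen = ports.get(top_ip, [])
    return {"failures": sum(users.values()),
            "top_user": users.most_common(1)[0][0] if users else None,
            "top_ip": top_ip,
            "reasons": dict(reasons),
            "port_range": f"{min(seen)}-{max(seen)}" if seen else None}

if __name__ == "__main__":
    print(summarize_failures(SAMPLE))
```

To run it on a real log, save the output of the evtx_dump.py command to a file and pass the file's text to `summarize_failures`.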
goodbye, thank you for reading until now //~//
This post is licensed under CC BY 4.0 by the author.