A Bucket of Phish

DarkInjector has been using a Cmail phishing website to try to steal our credentials. We believe some of our users may have fallen for his trap. Can you retrieve the list of victim users?

Here's the link to the website: http[:]//darkinjector-phish.s3-website-us-west-2.amazonaws.com

Category: Cloud || Level: EASY

Task

Tantangan ini mengharuskan kita menemukan daftar korban yang tertipu oleh situs phishing Cmail yang dibuat oleh DarkInjector.

📌 Langkah Penyelesaian

1. Mengecek isi bucket:

┌──(rwx4m㉿kali)-[~/Downloads/darkinjector-phish.s3-website-us-west-2.amazonaws.com]

└─$ aws s3 ls s3://darkinjector-phish

2025-03-17 13:46:17 132 captured-logins-093582390

2025-03-17 13:25:33 2300 index.html

2. Salin file captured-logins-093582390 ke host

┌──(rwx4m㉿kali)-[~/Downloads/darkinjector-phish.s3-website-us-west-2.amazonaws.com]

└─$ aws s3 cp s3://darkinjector-phish/captured-logins-093582390 .

3. Membaca isi file

┌──(rwx4m㉿kali)-[~/Downloads/darkinjector-phish.s3-website-us-west-2.amazonaws.com]

└─$ cat captured-logins-093582390

user,pass

munra@thm.thm,Password123

test@thm.thm,123456

mario@thm.thm,Mario123

flag@thm.thm,THM{this_is_not_what_i_meant_by_public}

Final Flag🎯

Ouput Pesan yang didekripsi:

THM{this_is_not_what_i_meant_by_public}

Google Sites

Report abuse