Toolbox

Challenge:

What tool was used when the attack started at 2022-07-27 14:13 UTC? Submit the flag as flag{tool}. Example: flag{notepad}.

Use the files from First Strike.

Solution:

This challenge was actually answered during the previous challenge while determining the source IP of the attacker:

165.227.73.138 - - [27/Jul/2022:14:13:52 +0000] "GET / HTTP/1.1" 200 6225 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"

The User-Agent that aligns with 2022-07-27 14:13 UTC identifies the tool as the network scanning tool nmap.

The accepted flag was: flag{nmap}