Red Failure HTB

(Note: If this write-up is based on an Active machine, specifics will be redacted to comply with HTB rules.)

Red Failure is a medium-difficulty forensics challenge on Hack The Box (HTB) that tasks participants with investigating a compromised server to find active persistence mechanisms. Released in early 2022, it simulates a scenario where a red team has allegedly "cleaned up" after an engagement but left behind subtle artifacts in a network capture.

Challenge Overview

Category: Forensics
Difficulty: Medium

The enumeration highlights an interesting Scheduled Task (Cron Job) or a binary with SUID permissions.

With elevated privileges, we can navigate to the Administrator's desktop and retrieve the flag:

The scan reveals a web server running on port 80. We navigate to the site and add the IP to our /etc/hosts file if required.

To start, let's connect to the Hack The Box VPN and access the Red Failure machine. We can use the nmap command to perform an initial scan of the machine: