[INTERNAL] Note to the information systems department
ACME Sat central server was hacked!!! One of our central servers have been hacked. The attacker left this cryptic note in a text file called note-to-acme.txt saved in Jason’s home folder. This means he might have used Jasons usual generic profile.
Authorization: Basic amFya2xlOnIwMHRfcGFzcw==
But ACME generic user profiles don’t have elevated rights so how can the attacker could do so much damage on the central server? We believe he sniffed traffic while Jason was doing a remote maintenance, so we asked Jason to repeat the process and sniffed traffic too.
What went wrong?
Thanks to Alexandru Serban from GovSat for this challenge.