# Insider Lab

Q1) What distribution of Linux is being used on this machine?

<figure><img src="/files/IKFTWAH4A0uXKiUkn7MV" alt=""><figcaption></figcaption></figure>

Answer:  kali

Q2) What is the MD5 hash of the apache access.log?

Right click on the access.log file -> Export File Hash List

<figure><img src="/files/pXVl2t0eVOAfDqTxAtWL" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/vhClTucX8wUygGhUZWTh" alt=""><figcaption></figcaption></figure>

Answer:  d41d8cd98f00b204e9800998ecf8427e

Q3) It is believed that a credential dumping tool was downloaded? What is the file name of the download?

<figure><img src="/files/xKLqV2XiJcmCvtLv1AHo" alt=""><figcaption></figcaption></figure>

Answer:  mimikatz\_trunk.zip

Q4) There was a super-secret file created. What is the absolute path?

<figure><img src="/files/sTF8ZMHGr7dfaMqEUeOp" alt=""><figcaption></figcaption></figure>

Answer:  /root/Desktop/SuperSecretFile.txt

Q5) What program used didyouthinkwedmakeiteasy.jpg during execution?

<figure><img src="/files/Qx57mglAjpr73RI4kPXJ" alt=""><figcaption></figcaption></figure>

Answer:  binwalk

Q6) What is the third goal from the checklist Karen created?

<figure><img src="/files/uvLTVc2ivpvNEpOLvn0G" alt=""><figcaption></figcaption></figure>

Answer:  Profit

Q7) How many times was apache run?

<figure><img src="/files/MlCLkueJsEvAkjg15gYe" alt=""><figcaption></figcaption></figure>

Answer:  0

Q8) It is believed this machine was used to attack another. What file proves this?

<figure><img src="/files/SZTUoE1j5qszFdbBKLZZ" alt=""><figcaption></figcaption></figure>

Answer:  irZLAohL.jpeg

Q9) Within the Documents file path, it is believed that Karen was taunting a fellow computer expert through a bash script. Who was Karen taunting?

<figure><img src="/files/cFXAo7bFlhyzgLVD71Uk" alt=""><figcaption></figcaption></figure>

Answer:  Young

Q10) A user su'd to root at 11:26 multiple times. Who was it?

<figure><img src="/files/Q8xqE577ZWcWGBfEduW1" alt=""><figcaption></figcaption></figure>

Answer:  postgres

Q11) Based on the bash history, what is the current working directory?

<figure><img src="/files/2rzhx6b2AJ4ZLYr1BshX" alt=""><figcaption></figcaption></figure>

Answer:  /root/Documents/myfirsthack/


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://faresbltagy.gitbook.io/footprintinglabs/cyberdefenders/insider-lab.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.