This is the official thread for Mission 4 of the Mother Russia DLC. Use this thread to post theories, ideas and hints. Please don't post any answers, and use spoiler tags when appropriate!
4.1 Spoiler: hint There is a massive construction project in this region Spoiler: hint The company you will find may belong to a larger group
4.2 Spoiler: hint CVE is a website listing known vulnerabilities in softwares Spoiler: hint The answer is the ID of the vulnerability, that can be found in the top of the vulnerability page, example: If we have "CVE-1995-5423", it's the "1995-5423" that interests us here Spoiler: hint A vulnerability is tied to the software and it's version Spoiler: hint Here, someone is installing pure ftpd in version 1.0.20_3
4.2 hint Spoiler Angels wilt in the Texas heat in 7-1 loss to Rangers Baxter's been LEFT in CVE, Guys.
Spoiler Using the CVE-search to search fore for Pure-ftpd version 1.0.20_3 doesn't yield any result for that version
Nudgery: -------------------------------------------------------------------------------- MR4-1 Nudge: Spoiler Odds are, if you were looking to do some construction, you'd ask a friend for a recommendation or simply look it up online. Unless you know some friends in the area in question, you'd try the second method. But we aren't looking for small time home renovations - this company is needs to be BIG. It's probably one of the large corporations in the region doing high-profile government contracts. What is the big construction project in the region at the time of the mission (and of this writing) ? It's controversial. Final Nudge: Spoiler You may have run into countless articles regarding sanctions, international conflict, etc. We need to narrow down the search. Instead of looking for info about the project itself, look for information about the contract. Who was it awarded to? -------------------------------------------------------------------------------- MR4-2 HOT OFF THE PRESSES Before sitting down to play BWM today I had been trying hacking CTFs and hit a wall, getting frustrated. I decided to take a break. Little did I realize they would follow me and I'd have to identify exploits as part of this game too! I wish all vulnerability identification was like this, however. Nudge: Spoiler Look closely at the document - can you make out any application or service names? Do some feature more prominently than others? At first I was going to write a little explanation about computer penetration testing , but instead I found a meme that gets the point across Bigger Nudge: Spoiler We are looking to launch a particular type of cyber attack. Some attacks look to get administrative access on a system, some look to steal data - what are our objectives in this mission? There are many places to find computer vulnerabilities and exploits online, and not all of them are worth your time. It can be better to look at a big, powerful, general search engine than a few specialized ones. Our orders are to find a vulnerability that meets a certain classification style. Use that in your search Final Nudge: Spoiler Our orders are to target the FTP (file transfer protocol) of the system in question, nothing else. We are looking for an exploit that purely targets that service, purely. Again, we are looking to find an exploit that can lead to Denial of Service. What dos that sound like to you?
