Skip to content

02

Directory actions

More options

Directory actions

More options

Latest commit

 

History

History

02

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
write-ups
write-ups
 
 
network-challenge02.zip
network-challenge02.zip
 
 
readme.md
readme.md
 
 

readme.md

Write-ups for TCTT2022/Network/02

Flag pattern

TCTT2022{xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}

Challenge Files

network-challenge02

Solution

  1. First, Let open the pcap file with wireshark and analyze it with Statistics > Protocol Hierarchy.

wireshark_result_1

wireshark_result_2

  1. It look like there is a lot of Telnet request, so filter it with Right Click > Apply as Filter > Selected.

wireshark_result_3

  1. We sort the results by length.

wireshark_result_4

  1. Then, we follow the TCP stream of the longest one.

wireshark_result_5

  1. And that is the TCP stream no.20128, which looks like SSH connection.

wireshark_result_6

  1. We can see that, they are doing something with secret.zip

wireshark_result_7

  1. Let go to the next stream and you can see that the stream is starting with PK which is the signature of zip file.

wireshark_result_8

  1. If you want to save the zip file, you can do it by changing the stream to raw data and save it as zip file.

wireshark_result_9

  1. We got secret.zip file but it has password.

zip_password

  1. Let crack it with fcrackzip and rockyou wordlist with this command.
fcrackzip -u -D -p <PATH-TO-WORDLIST> <PATH-TO-ZIP-FILE>

fcrackzip_result

As you can see, the password is P@ssw0rd.

  1. We use previous password to unzip the zip file and we got secret.

secret_file

  1. We cat that file, and the result is tctt2022{Welcome_R00t_T3ln3t}