Skip to content

readme.md

Latest commit

 

History

History
65 lines (34 loc) · 1.75 KB

readme.md

File metadata and controls

65 lines (34 loc) · 1.75 KB

Write-ups for TCTT2022/Network/02

Flag pattern

TCTT2022{xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}

Challenge Files

network-challenge02

Solution

  1. First, Let open the pcap file with wireshark and analyze it with Statistics > Protocol Hierarchy.

wireshark_result_1

wireshark_result_2

  1. It look like there is a lot of Telnet request, so filter it with Right Click > Apply as Filter > Selected.

wireshark_result_3

  1. We sort the results by length.

wireshark_result_4

  1. Then, we follow the TCP stream of the longest one.

wireshark_result_5

  1. And that is the TCP stream no.20128, which looks like SSH connection.

wireshark_result_6

  1. We can see that, they are doing something with secret.zip

wireshark_result_7

  1. Let go to the next stream and you can see that the stream is starting with PK which is the signature of zip file.

wireshark_result_8

  1. If you want to save the zip file, you can do it by changing the stream to raw data and save it as zip file.

wireshark_result_9

  1. We got secret.zip file but it has password.

zip_password

  1. Let crack it with fcrackzip and rockyou wordlist with this command.
fcrackzip -u -D -p <PATH-TO-WORDLIST> <PATH-TO-ZIP-FILE>

fcrackzip_result

As you can see, the password is P@ssw0rd.

  1. We use previous password to unzip the zip file and we got secret.

secret_file

  1. We cat that file, and the result is tctt2022{Welcome_R00t_T3ln3t}