This is a packet capture of an attack in which the Administrator user's password was leaked. Can you find it? Score: 30

  • Source: 2014 SCTF
  • More difficult:
  • Number of participants: 3,918
  • Get Flag: 384
  • Number of answers: 501
  • Problem solving pass rate: 77%

FLAG is the plaintext password of Administrator

The problem solving link: ctf5.shiyanbar.com/misc/misc40…

The original link: www.shiyanbar.com/ctf/719

【Answer】

Download the packet capture and open it in Wireshark.

The traffic is not encrypted and is displayed in the clear, but there is far too much of it to read through and understand as it stands.

At this point we should filter the capture.

Because this is a capture of web access, filter on HTTP to see what was requested.

This is "kitchen knife" (China Chopper webshell) traffic, and the contents of the requests are Base64-encoded, so we can decode them and look at what the capture contains.

First let’s look at this line:

 

A value ending in "==" tells you it is Base64-encoded (the "=" characters are padding), so we can decode this line in the browser.

The decoded result contains a whoami command…

whoami displays the current user.

When an attacker gets onto someone's computer, he checks which user he is running as. If it is a high-privileged user he will be happy, because high-privileged users can do a lot of things…

Let's look at this line.

Decode this line from Base64 in the browser as well.

It contains the command arp -a, which is an interesting one. It displays the local ARP table, which lists the addresses of the other computers on the LAN that this machine knows about, so attackers use it to find other computers on the LAN. Let's look at the result of the command…

192.168.30.101, 192.168.30.184, 192.168.30.184, 192.168.30.2, 192.168.30.2, 192.168.30.101, 192.168.30.184, 192.168.30.184

Then we decode this one.

net use sets up a network mapping, logging in as Administrator with the password Test! @#123. The question asked us to find the password, and here it is, very easy to get ~~~
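The manual steps above (filter to HTTP, Base64-decode each request parameter, read the command, spot the net use login) can be scripted once the POST bodies are exported from the capture. The following is an added example, not part of the original write-up: the parameter names, the commands and the password in the sample bodies are constructed for illustration and are not taken from the challenge capture.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, urlencode

# net use <target> <password> /user:<name>  (password may be quoted)
NET_USE = re.compile(r'net\s+use\s+(\S+)\s+("[^"]*"|\S+)\s+/user:(\S+)', re.I)

def decode_params(body):
    """Return {param: text} for form values that are Base64 of readable text."""
    decoded = {}
    for name, value in parse_qsl(body, keep_blank_values=True):
        value = value.replace(" ", "+")  # an unescaped '+' is parsed as a space
        try:
            text = base64.b64decode(value, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not Base64, or decodes to binary: ignore this value
        if text and all(c.isprintable() or c in "\r\n\t" for c in text):
            decoded[name] = text
    return decoded

def find_credentials(bodies):
    """Return (user, password, target) for each net use login found."""
    hits = []
    for body in bodies:
        for text in decode_params(body).values():
            for target, password, user in NET_USE.findall(text):
                hits.append((user, password.strip('"'), target))
    return hits

def _body(cmd):
    # Constructed request body: "action" and "z1" are assumed parameter names.
    payload = base64.b64encode(cmd.encode()).decode()
    return urlencode({"action": "exec", "z1": payload})

# Constructed sample inputs (not from the challenge capture).
SAMPLE_BODIES = [
    _body(r'cd /d "C:\inetpub\wwwroot"&whoami'),
    _body("arp -a"),
    _body(r'net use \\192.0.2.10 "Example!Pass1" /user:Administrator'),
]

if __name__ == "__main__":
    for body in SAMPLE_BODIES:
        print(decode_params(body))
    print(find_credentials(SAMPLE_BODIES))
```

The same decoding is useful for detection: HTTP POST parameters that decode to Windows commands such as whoami, arp -a or net use are a strong sign of webshell activity.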

This challenge simulates an attacker moving deeper into a network: checking what privileges the current user has on the compromised machine, looking for other hosts on the LAN, and then penetrating other computers. That sequence is the process of an attack.