This is the captured hack packet, Administrator user password was leaked in this attack, can you find it? Score: 30
- Source: 2014 SCTF
- More difficult:
- Number of participants: 3,918
- Get Flag: 384
- Number of answers: 501
- Problem solving pass rate: 77%
FLAG is the plaintext password of Administrator
The problem solving link: ctf5.shiyanbar.com/misc/misc40…
The original link: www.shiyanbar.com/ctf/719
【 答 案 】
Let’s download the packet and then use Wireshark to analyze the packet
We found that the packet was not encrypted and the traffic was clearly displayed, but it was too long… Look not to understand
At this point, we should filter the packet…
Because it’s an access package, let’s filter HTTP to see some of the things it accesses
This is a kitchen knife package, and the inside of this package is Base64 encrypted, so we can take a look at some of the contents of this package
First let’s look at this line:
If you see two “==”, you know that this is a Base64 encryption, and you can decrypt this line in the same way that we decrypt it in the browser
Decrypt the result with a whoami command…
The whoami command is the command to view the current user’s line
When a hacker gets on someone’s computer, he’ll look at the current user and see what the user is, and if it’s a high-privileged user, he’ll be happy, and high-privileged users can do a lot of things…
Let’s look at this row
Throw this line into the browser for Base64 decryption
This line has a command, called arp -a, which is a very interesting command, this command is used to check local arp table, arp table record all information of the computer in the LAN, hackers use this command to find other computers in the LAN, we look at what is this command execution result…
192.168.30.101, 192.168.30.184, 192.168.30.184, 192.168.30.2, 192.168.30.2, 192.168.30.101, 192.168.30.184, 192.168.30.184
And then we’re going to translate this
Net use set up a network mapping, log in as Administrator, password is Test! @#123, the question asked us to find the password, here, very easy to get ~~~
This problem is the process that simulates hacker to undertake network in-depth, what authority is the user that goes looking for oneself machine child, try to go looking for other user of LAN, undertake infiltration to other computer, this process is the process that attacks