Root-me Challenges(Networks)
Investigate captured traffic, network services and perform packet analysis
— — — — — — — — — — — — — — — — — — — — — — — — — — —
FTP — authentication
The first challenge in the networks was FTP-Authentication which I did by packet analysis. I used tshark instead of Wireshark.
Open the terminal and make sure tshark is up and running.
To install tshark run the command sudo apt-get install tshark -y
The challenge have one pcap file. Open the file in terminal as per challenge, I used the command:
tshark -r ch1.pcap -Y ‘ftp.request.command==”PASS”’
which means I want tshark to open the file name ch1.pcap and I used -Y to filter out the ftp request command PASS which contains password.
— — — — — — — — — — — — — — — — — — — — — — -→
TELNET — authentication
This challenge requires to find the user password in this TELNET session capture.
In the wireshark, I sniffed out the TCP stream and ofcourse it’s TELNET user password was clearly visible which was required flag as shown above.
— — — — — — — — — — — — — — — — — — — — — — — — →
ETHERNET — frame
So in this challenge, the hex dump was given if you recon on the internet you’ll find numerous ways to convert hex dumps to ASCII as shown. It contains a string which is clearly in Base64 as shown above
— — — — — — — — — — — — — — — — — — — — — — -→
Twitter authentication
Challenge: A twitter authentication session has been captured, you have to retrieve the password.
After packet analysis in Wireshark as above challenge, the string was decoded same as above challenge.
— — — — — — — — — — — — — — — — — →
Bluetooth — Unknown file
Challenge: Your friend working at NSA recovered an unreadable file from a hacker’s computer. The only thing he knows is that it comes from a communication between a computer and a phone.
The answer is the sha-1 hash of the concatenation of the MAC address (uppercase) and the name of the phone.
Example:
AB:CD:EF:12:34:56myPhone -> 023cc433c380c2618ed961000a681f1d4c44f8f1
So clearly seems we have tapped bluetooth captures. In the right frame of the PoC the name of the device and MAC is visible, after combining as per requirement, the flag is baked out.
— — — — — — — — — — — — — — →
Until Next Time,
Reach me:
