Hello buddy! Today I will introduce some new things.
I'm in self-training for CTF competitions, and my team needs someone covering Forensics, so I have decided to explore that area. I hope this works out and that I absorb more and more knowledge that also helps my pentesting.
So I will kick off with picoCTF, which is a good place for every beginner. Let's start!
like1000: 250pts
Following the hint, this challenge requires the player to write a script to solve it. Download the .tar file and extract it.
Alright! It contains another archive named "999.tar" and a text file. After some digging I understand the task: you must keep extracting the nested .tar files (999 times, probably) and find which file (they are all named "filler.txt") contains the flag.
For sure this has to be scripted (or, if you have the time, you can extract it 999 times by hand 💀). I decided to write a small Python 3 script. After looking through the tarfile module and working out how to search for the flag after each extraction, the script was done.
Here is the result
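Since my own script is only in the screenshot, here is an added example of the same approach (written for this post, not the script I used in the competition). It builds its own small chain of nested archives in a temporary directory so it runs offline; the depth, the file names 1.tar ... N.tar and the flag text are assumptions of the fixture. The solver itself is generic: open the current archive, write out whatever nested .tar it finds, search every other member for the picoCTF{...} pattern, and loop.

```python
import os
import re
import tarfile
import tempfile

# Flag format assumed for this example (picoCTF style).
FLAG_RE = re.compile(rb"picoCTF\{[^}]*\}")


def build_nested_tar(root, depth, flag=b"picoCTF{example_flag}"):
    """Constructed fixture: write root/<depth>.tar wrapping <depth-1>.tar ... 1.tar.
    Every level carries a filler.txt; only the innermost one holds the flag."""
    filler = os.path.join(root, "filler.txt")
    prev = None
    for level in range(1, depth + 1):
        path = os.path.join(root, f"{level}.tar")
        with open(filler, "wb") as f:
            f.write(flag if level == 1 else b"nothing to see here\n" * 20)
        with tarfile.open(path, "w") as tar:
            tar.add(filler, arcname="filler.txt")
            if prev is not None:
                tar.add(prev, arcname=os.path.basename(prev))
        if prev is not None:
            os.remove(prev)
        prev = path
    os.remove(filler)
    return prev


def unpack_and_find_flag(archive, workdir):
    """Open the archive, write out any nested .tar member, search every other
    member for the flag, and repeat on the nested archive until none remains.
    Members are read with extractfile() instead of extractall(), so a member
    named something like ../../x can never write outside workdir."""
    current = archive
    depth = 0
    while current is not None:
        depth += 1
        next_tar = None
        with tarfile.open(current) as tar:
            for member in tar.getmembers():
                if not member.isfile():
                    continue
                data = tar.extractfile(member).read()
                if member.name.endswith(".tar"):
                    # keep the nested archive under a file name we control
                    next_tar = os.path.join(workdir, f"level{depth}.tar")
                    with open(next_tar, "wb") as f:
                        f.write(data)
                else:
                    hit = FLAG_RE.search(data)
                    if hit:
                        return hit.group(0).decode(), depth
        current = next_tar
    return None, depth


def demo(depth=5):
    """Build the fixture in a temporary directory and solve it."""
    with tempfile.TemporaryDirectory() as d:
        top = build_nested_tar(d, depth)
        return unpack_and_find_flag(top, d)


if __name__ == "__main__":
    print(demo(5))  # ('picoCTF{example_flag}', 5)
```

For the real challenge you would call unpack_and_find_flag("1000.tar", some_dir) and let it run to the bottom; reading members through extractfile() also keeps you safe if a CTF archive ever contains hostile member names.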
shark on wire 2: 300pts
This challenge is the next one in the Shark on Wire series. Download the pcap file and open it with Wireshark.
I start with this filter so I can find the packets or frames that carry the flag or are related to it.
Following the UDP stream, after some minutes I notice one packet containing the string "start" and another containing "end".
Between them, about 15-20 packets from IP 10.0.0.66 are sent out, so I apply this filter:
All destination ports are the same: 22. I focus on the source ports, which differ slightly from each other. Ignoring the first digit of each port, what remains is a sequence of ASCII codes. I wrote a small Python script to collect those numbers and decode them.
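Here is an added example of that decoding done without Wireshark, so the whole thing can be scripted (this is written for the post, not my competition script). It reads a classic pcap with the standard library only, keeps IPv4/UDP frames, and applies the rule from above: between the "start" and "end" packets, take each packet from 10.0.0.66 to port 22, drop the first digit of its source port and turn the rest into a character. The capture it parses is constructed inline (the 5000+ord(c) port scheme, the decoy host 10.0.0.2 and the flag text are assumptions of the fixture); pcapng files, which newer Wireshark saves by default, are not handled.

```python
import struct

# Only the decoding rule (drop the first digit of each source port, read the
# rest as an ASCII code) comes from the writeup; the capture is constructed.


def _ip_bytes(dotted):
    return bytes(int(o) for o in dotted.split("."))


def _ip_str(raw):
    return ".".join(str(b) for b in raw)


def udp_frame(src_ip, dst_ip, sport, dport, payload):
    """Ethernet/IPv4/UDP frame; IP and UDP checksums left zero (never sent)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     _ip_bytes(src_ip), _ip_bytes(dst_ip)) + udp
    return b"\xaa" * 6 + b"\xbb" * 6 + struct.pack("!H", 0x0800) + ip


def build_pcap(frames):
    """Classic little-endian pcap, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_600_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def udp_packets(pcap):
    """Yield (src_ip, dst_ip, sport, dport, payload) for each IPv4/UDP frame."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic in (0xA1B2C3D4, 0xA1B23C4D):
        end = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):
        end = ">"
    else:
        raise ValueError("not a classic pcap (pcapng is not handled here)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("example handles Ethernet link type only")
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl, _ = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                        # not IPv4
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != 17:
            continue                        # not UDP
        udp = frame[14 + ihl:]
        sport, dport, ulen, _ = struct.unpack("!HHHH", udp[:8])
        yield _ip_str(frame[26:30]), _ip_str(frame[30:34]), sport, dport, udp[8:ulen]


def decode_ports(pcap, src_ip="10.0.0.66", dst_port=22):
    """Between the 'start' and 'end' packets, take every packet from src_ip to
    dst_port, drop the leading digit of its source port and map the remainder
    to a character."""
    chars, recording = [], False
    for src, _dst, sport, dport, payload in udp_packets(pcap):
        marker = payload.strip()
        if marker == b"start":
            recording = True
            continue
        if marker == b"end":
            break
        if recording and src == src_ip and dport == dst_port:
            chars.append(chr(int(str(sport)[1:])))
    return "".join(chars)


def sample_capture(secret="picoCTF{example_flag}"):
    """Constructed capture: the secret rides in source ports 5000+ord(c),
    interleaved with decoy packets from another host."""
    frames = [udp_frame("10.0.0.66", "10.0.0.1", 4000, 22, b"start")]
    for c in secret:
        frames.append(udp_frame("10.0.0.66", "10.0.0.1", 5000 + ord(c), 22, b"."))
        frames.append(udp_frame("10.0.0.2", "10.0.0.1", 5000 + ord("z"), 22, b"noise"))
    frames.append(udp_frame("10.0.0.66", "10.0.0.1", 4000, 22, b"end"))
    return build_pcap(frames)


if __name__ == "__main__":
    print(decode_ports(sample_capture()))
```

On the real file you would read the bytes from disk and call decode_ports(data); the decoy host in the fixture is there to show why the source IP filter matters and not just the destination port.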
Webnet0:350pts
Another challenge involving Wireshark. Download the key and the pcap file.
Transport Layer Security (TLS) is the protocol that provides confidentiality and integrity for traffic over the Internet. Its main job is encrypting the connection between a browser and a web server, but it also protects email, messaging and VoIP. The practical point for this challenge is what a server's private key buys you: if the captured sessions were negotiated with RSA key exchange, the pre-master secret is encrypted to the server's public key, so loading the private key into Wireshark's TLS protocol preferences (the RSA keys list) is enough to decrypt the streams and read the HTTP inside. Against a capture negotiated with (EC)DHE key exchange this does not work, because forward secrecy makes the session keys independent of the server's long-term key; then you would need the session keys themselves (an SSLKEYLOGFILE from the client).
c0rrupt :250 points
After half an hour of reading about the PNG header, I assume I must change some chunk values back to the right ones, comparing with this image:
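To make the comparison less manual, here is an added checker (written for the post, not the tool I used): it validates the 8-byte signature, walks the chunk list and recomputes each chunk's CRC. Because the CRC covers the chunk type together with the body, a single wrong byte in "IHDR" shows up as a CRC mismatch, and a corrupted length field shows up as a chunk that runs past the end of the file. The repair step only restores the signature and chunk type names, and only when the stored CRC proves the body is intact under that name; it never recomputes CRCs, which would just hide damage. The tiny red test image and the corruption applied to it are constructed here.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Chunk types we are willing to restore when the stored CRC proves it.
KNOWN_TYPES = [b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tEXt", b"tIME", b"pHYs", b"sRGB", b"gAMA"]


def _crc(ctype, body):
    return zlib.crc32(ctype + body) & 0xFFFFFFFF


def _chunk(ctype, body):
    return struct.pack("!I", len(body)) + ctype + body + struct.pack("!I", _crc(ctype, body))


def make_png(width=2, height=2):
    """Constructed fixture: a tiny 8-bit RGB image, all pixels red."""
    ihdr = struct.pack("!IIBBBBB", width, height, 8, 2, 0, 0, 0)
    raw = b"".join(b"\x00" + b"\xff\x00\x00" * width for _ in range(height))
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b"")


def check_png(data):
    """Return (chunks, problems). Each chunk is (offset, type, length, crc_ok)."""
    problems = []
    if data[:8] != PNG_SIG:
        problems.append(f"bad signature {data[:8]!r}")
    chunks, off = [], 8
    while off + 12 <= len(data):
        length, ctype = struct.unpack("!I4s", data[off:off + 8])
        if off + 12 + length > len(data):
            problems.append(f"chunk at {off} claims length {length}, past end of file")
            break
        body = data[off + 8:off + 8 + length]
        stored = struct.unpack("!I", data[off + 8 + length:off + 12 + length])[0]
        ok = _crc(ctype, body) == stored
        chunks.append((off, ctype.decode("latin-1"), length, ok))
        if not ok:
            problems.append(f"chunk {ctype!r} at {off}: CRC mismatch")
        if ctype == b"IEND":
            break
        off += 12 + length
    if not chunks or chunks[0][1] != "IHDR":
        problems.append("first chunk is not IHDR")
    if not chunks or chunks[-1][1] != "IEND":
        problems.append("no IEND chunk")
    return chunks, problems


def repair_png(data):
    """Restore the signature; for each chunk whose CRC fails, try the known type
    names and keep the one under which the stored CRC matches (the body is then
    known to be intact and only the type bytes were damaged)."""
    data = bytearray(data)
    data[:8] = PNG_SIG
    off = 8
    while off + 12 <= len(data):
        length = struct.unpack("!I", data[off:off + 4])[0]
        if off + 12 + length > len(data):
            break
        ctype = bytes(data[off + 4:off + 8])
        body = bytes(data[off + 8:off + 8 + length])
        stored = struct.unpack("!I", data[off + 8 + length:off + 12 + length])[0]
        if _crc(ctype, body) != stored:
            for cand in KNOWN_TYPES:
                if _crc(cand, body) == stored:
                    data[off + 4:off + 8] = cand
                    ctype = cand
                    break
        if ctype == b"IEND":
            break
        off += 12 + length
    return bytes(data)


def corrupt(png):
    """Constructed damage: mangle the signature and one byte of the IHDR type."""
    data = bytearray(png)
    data[1:4] = b"XXX"
    data[15] = ord("x")  # "IHDR" -> "IHDx"
    return bytes(data)


if __name__ == "__main__":
    broken = corrupt(make_png())
    print(check_png(broken)[1])
    print(check_png(repair_png(broken))[1])  # []
```

A damaged length field is the one case this does not fix automatically: the walker stops at the chunk that runs off the end and reports its offset, and you then patch the length by hand, which is exactly the kind of edit a hex editor and the PNG spec are for.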
We need to go deeper : 20 Points
So I guess we must analyze as "deep" as possible. The challenge's description is "Russian Dolls", meaning a doll inside a doll (Matryoshka), so I think there may be another picture (or several) inside this challenge's picture. Let's check.
JFIF-Exif-JFIF-Exif-JFIF: that is too many headers for one image. Send it to https://29a.ch/photo-forensics/
After 4 or 5 minutes skimming the surface, I am sure there is nothing interesting there. So I decide to go on with Binwalk.
I think I'm in the right direction and I need to find a way to extract these hidden files from this picture. Keep searching...
I figure out that this tool (Binwalk) may be the most essential tool in forensics. I hope to try it on another interesting challenge.
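To see what Binwalk is actually doing for us, here is an added miniature of its signature scan (written for the post; it is not Binwalk's code and covers only a handful of magic values). It reports every offset where a JPEG, PNG or ZIP header starts and carves each JPEG from its offset to the last EOI marker in the file. The nesting is the caveat worth knowing: an inner JPEG sits inside the outer one's data, so cutting at the first FF D9 after a signature would truncate the outer image; carving to the end is the safe default, the same as a dd from the offset. The stacked JFIF-over-Exif file it scans is constructed inline and is only marker structure, not a decodable picture.

```python
import struct

# Signatures the scanner knows; the SOI+APPn pairs identify JFIF/Exif JPEGs.
SIGNATURES = [
    (b"\xff\xd8\xff\xe0", "JPEG (JFIF)"),
    (b"\xff\xd8\xff\xe1", "JPEG (Exif)"),
    (b"\x89PNG\r\n\x1a\n", "PNG"),
    (b"PK\x03\x04", "ZIP"),
]


def scan(data):
    """Return every (offset, description) where a known signature starts."""
    hits = []
    for magic, name in SIGNATURES:
        off = data.find(magic)
        while off != -1:
            hits.append((off, name))
            off = data.find(magic, off + 1)
    return sorted(hits)


def carve_jpegs(data):
    """For each JPEG signature, carve from its offset up to and including the
    last EOI marker (FF D9) in the file, so a nested image never cuts the
    outer one short."""
    end = data.rfind(b"\xff\xd9")
    if end == -1:
        return []
    return [(off, data[off:end + 2]) for off, name in scan(data) if name.startswith("JPEG")]


def sample_image():
    """Constructed fixture: an outer 'JFIF' JPEG whose body contains a smaller
    'Exif' JPEG, mimicking the JFIF-Exif-JFIF stack the forensics site listed."""
    inner = (b"\xff\xd8\xff\xe1" + struct.pack("!H", 8) + b"Exif\x00\x00"
             + b"\x11" * 16 + b"\xff\xd9")
    outer = (b"\xff\xd8\xff\xe0" + struct.pack("!H", 16)
             + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
             + b"\x22" * 32 + inner + b"\x33" * 8 + b"\xff\xd9")
    return outer


if __name__ == "__main__":
    for off, name in scan(sample_image()):
        print(f"{off:#010x}  {name}")
    for off, blob in carve_jpegs(sample_image()):
        print(f"carved {len(blob)} bytes from offset {off}")
```

On a real file, the second JPEG hit is the one to write out and open; with a Matryoshka-style challenge you then run the same scan on the carved file and repeat until no new signature turns up.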
After downloading and unzipping, I find that this challenge's file has an .e01 extension, which is new to me. Let's learn about it.
An E01 file is an EnCase evidence file: a forensic disk image in the Expert Witness Format (EWF), which stores the acquired sectors (optionally compressed) together with case metadata and per-chunk checksums. The image is read by mounting it with EnCase or with other tools that support the format, such as the open-source libewf. Because the format records hashes of the acquired data, E01 images are commonly accepted as evidence in criminal and other legal proceedings.
Following the guide, I create a directory to use as a mount point and mount the EWF container on it (libewf's ewfmount is the usual tool; it exposes the raw disk image as a file inside the mount point, which can then be loop-mounted read-only):
To be continued...
Happy Hacking!