1. FOR 100- EXTRAC ME (WHITEHAT CONTEST 11)
Download file here
After download, we receive a .pcapng file named extract-me
Analyze it with Wireshark
HTTP Export:
Nothing interesting ...
Let's look throuh by follow TCP stream
We have a compressed file here, claim it
Open rar file but it requires password. Seem like we on the right way to flag .
After analyzing and searching inform ation, I realize some connection useTLSv1 protocol. I try to find SSL certificate in order to extract this follow this WU
Finally I found it
This is WhiteHat certificate from Ha Noi
Follow the WU above, we go on step-by-step
openssl x509 -inform DER -in puclic.der -text
We have RSA algorithm 696 bit. We have modulus(n), try to factordb it
p = 435958568325940791799951965387214406385470910265220196318705482144524085345275999740244625255428455944579
q = 562545761726884103756277007304447481743876944007510545104946851094548396577479473472146228550799322939273
Use rsatool to create a private key which could be used to decrypt TLSv1 protocol.
We already have p.pem as private key file.
Let's import it into Wireshark in order to decrypt TLS protocol
Check export HTTP object again
Save file pass.txt to your machine and open it
This is the rar file's password. Import it and open flag.png2. For 100 SVATTT17
Happy Hacking!
Không có nhận xét nào:
Đăng nhận xét