Information we should find

Hi there! To properly inaugurate this page, we’ll be working through Disclose the Agent, a LetsDefend challenge.

We have reached the data of an agent who is leaking information. You have to disclose the agent.

Note: the pcap file was found in public resources.

If you plan on doing the LetsDefend challenge, I strongly recommend trying to do it by yourself before reading!

The first step was to open the PCAP file in a network protocol analyzer. For this task I’ll be using Wireshark, so we can better analyze the traffic data.

Keeping in mind that our first goal is to find a secret e-mail address, we can start by filtering for SMTP (Simple Mail Transfer Protocol) traffic in Wireshark.

Figure 02: Wireshark SMTP Filter

Looking at the traffic data, we can already spot some valuable information:

Assuming this is Ann’s computer (EHLO annlaptop), we can recover her credentials by decoding the username and password values sent during the SMTP login. Note that they are only base64-encoded, not encrypted, so anyone holding the capture can read them.

Figure 03: Ann’s username (e-mail)
Figure 04: Ann’s Password

Now that we have Ann’s credentials, we should check whether the capture reveals more about her e-mail exchanges.

Figure 05: Wireshark SMTP Protocol

The highlighted line contains the body of an e-mail message, which may reveal who Ann has been exchanging e-mails with.

Looking at the rest of the packet, there are more suggestive messages indicating that this person could be Ann’s secret lover.

Figure 07: Wireshark - Messages

We can also find an attachment file at the end of the message.

Figure 08: Wireshark - File Name

By following the TCP stream and going back to the attachment section of the e-mail, we can find the contents of the file, which, according to the Content-Transfer-Encoding header, are encoded in base64.

Figure 09: Wireshark - TCP Stream

To extract the file, we can copy the base64 text into a decoder tool that writes the decoded bytes back out as a file.

Figure 10: Base64 to File - Base64 Guru

Opening the file “application.docx”, we find the place where Ann wants to meet.

Figure 11: application.docx

Once you have the file, you can open a terminal and check its MD5 hash with certutil (on Windows: certutil -hashfile application.docx MD5).

Figure 12: application.docx MD5 Hash
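The same extraction can be scripted instead of pasting the base64 into a web decoder. The following is an added example, not part of the original write-up: it parses a constructed SMTP DATA section (the message text you see after “Follow TCP Stream”), decodes every base64 attachment with Python’s standard email library, and reports the MD5 that certutil would show. The sender addresses, the boundary string and the attachment bytes are all made up for the example.

```python
import base64
import hashlib
import os
from email import message_from_bytes, policy

# Constructed attachment content standing in for application.docx
# (a real .docx is a ZIP archive; this placeholder keeps the example short).
ATTACHMENT_BYTES = b"The quick brown fox jumps over the lazy dog"

# Constructed SMTP DATA section, as it would appear in the followed TCP
# stream between the DATA command and the terminating "." line.
SAMPLE_DATA = (
    b"From: ann@example.invalid\r\n"
    b"To: friend@example.invalid\r\n"
    b"Subject: meeting\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="BOUNDARY"\r\n'
    b"\r\n"
    b"--BOUNDARY\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"See the attached document.\r\n"
    b"--BOUNDARY\r\n"
    b"Content-Type: application/octet-stream; name=\"application.docx\"\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b'Content-Disposition: attachment; filename="application.docx"\r\n'
    b"\r\n"
    + base64.encodebytes(ATTACHMENT_BYTES).replace(b"\n", b"\r\n")
    + b"--BOUNDARY--\r\n"
)


def extract_attachments(raw_data: bytes) -> list[dict]:
    """Parse an SMTP DATA section and decode every base64 attachment."""
    msg = message_from_bytes(raw_data, policy=policy.default)
    found = []
    for part in msg.iter_attachments():
        if part.get("Content-Transfer-Encoding", "").lower() != "base64":
            continue
        payload = part.get_payload(decode=True)  # base64 text -> raw bytes
        found.append({
            # basename() stops a crafted filename from writing outside the cwd
            "filename": os.path.basename(part.get_filename() or "attachment.bin"),
            "size": len(payload),
            "md5": hashlib.md5(payload).hexdigest(),  # matches certutil -hashfile ... MD5
            "zip_magic": payload.startswith(b"PK\x03\x04"),  # a genuine .docx is a ZIP
            "data": payload,
        })
    return found


if __name__ == "__main__":
    for att in extract_attachments(SAMPLE_DATA):
        with open(att["filename"], "wb") as fh:
            fh.write(att["data"])
        print(att["filename"], att["size"], att["md5"], "zip:", att["zip_magic"])
```

The zip_magic check is a quick sanity test: if the decoded application.docx does not start with the ZIP signature, the wrong span of the stream was copied or the decoding went wrong.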

With that, the challenge is completed! Thank you for reading.
