Thursday, 31 October 2013

EMCDefendersleague2013 week-1 challenge-4 solution

Files can be downloaded here :

Question : Mr. H4x0r managed to sniff the HTTP traffic of his nemesis, however he is unable to figure out the credentials used by the victim to access the protected webpage.

Help Mr. H4x0r to figure out the credential for accessing the protected page.

Hint 1: Base

Hint 2: Julius Caesar

What is the basic first step?
Run the file command on the file.
Result: Contest4.sample: tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 65535)

What is the inference?
It says it's a tcpdump capture, so Wireshark is the tool to open it with.

Opening it in Wireshark will give you this:

Looking at the capture, you can see that the user was trying to get admin access. On the first try he used admin:1234, which failed. Later he got admin access using the Credentials: nqzva:jQCNniEvTX (Wireshark decodes the Base64 Authorization header of HTTP Basic authentication for you, which is what Hint 1 points at).
That clears the first level. Next, as the second hint says, the credentials are Caesar encrypted.

Using an online cipher calculator we can easily figure out that ROT13 was used, which is a type of Caesar encryption.
After decryption you would see this:

and the flag is : admin:wDPAavRiGK
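The same two steps can be done offline instead of with Wireshark's decoder and an online calculator. The sketch below is an added example, not part of the original post: it Base64-decodes an HTTP Basic Authorization value, then tries every Caesar shift and keeps the one that turns the username into a known word. It assumes the username is "admin" (taken from the failed first attempt), and the header value is rebuilt from the credentials shown above because the raw header is not reproduced on this page.

```python
import base64
import string


def decode_basic_auth(header_value):
    """Split an HTTP 'Authorization: Basic ...' value into (user, password)."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic authorization header")
    decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    user, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator in credentials")
    return user, password


def caesar_shift(text, shift):
    """Rotate letters forward by `shift`, keeping case; other characters pass through."""
    lower, upper = string.ascii_lowercase, string.ascii_uppercase
    table = str.maketrans(
        lower + upper,
        lower[shift:] + lower[:shift] + upper[shift:] + upper[:shift],
    )
    return text.translate(table)


def recover_credentials(header_value, crib="admin"):
    """Try all 26 shifts; return (shift, user, password) where user equals the crib.

    `crib` is an assumption: the expected plaintext username.
    Returns None if no shift produces it.
    """
    user, password = decode_basic_auth(header_value)
    for shift in range(26):
        if caesar_shift(user, shift) == crib:
            return shift, crib, caesar_shift(password, shift)
    return None


# Constructed input: header value rebuilt from the credentials Wireshark displayed.
SAMPLE_HEADER = "Basic " + base64.b64encode(b"nqzva:jQCNniEvTX").decode("ascii")

if __name__ == "__main__":
    print(recover_credentials(SAMPLE_HEADER))
```

Neither layer involves a key: Base64 is an encoding and a Caesar shift has only 26 possibilities, so anyone who can read the HTTP traffic can read the credentials.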
