Sunday, August 28, 2016

Network / Telnet Authentication

Link to the challenge: Telnet Authentication

Here again, we will need Wireshark to open our ch2.pcap. If you haven't installed it already, you can check this post about the FTP Authentication challenge.
This time we will look at a really useful Wireshark feature.
Once you have opened your file with Wireshark, go to the first packet, right-click on it and choose 'Follow' -> 'TCP Stream'. A window will open showing all the data exchanged between the client and the server.
The parts highlighted in blue are the data sent by the server to the client, and the parts highlighted in red are the data sent from the client to the server.
I won't include a screenshot of it, since that would give you the answer, but just by reading the data you should be able to find the flag.

Bonus: You might notice that after the authentication, all characters are doubled. You can see that one is highlighted in blue, while the other is highlighted in red. This is probably a control mechanism, where the server repeats the received character, so the client can verify that the data has not been corrupted in transit.
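To make the 'Follow TCP Stream' view concrete, here is an added example (not part of the original post) that rebuilds the same view from a list of payloads: it strips Telnet option negotiation and joins the data in capture order, for both sides or for one side only. The function names, the sample capture and the placeholder credentials are all constructed for illustration and have nothing to do with the challenge's ch2.pcap.

```python
IAC, SB, SE = 0xFF, 0xFA, 0xF0  # Telnet command bytes (RFC 854)
NEGOTIATION = {0xFB, 0xFC, 0xFD, 0xFE}  # WILL, WONT, DO, DONT


def strip_iac(data: bytes) -> bytes:
    """Remove Telnet option negotiation, keeping only user-visible data."""
    out = bytearray()
    i = 0
    while i < len(data):
        b = data[i]
        if b != IAC:
            out.append(b)
            i += 1
        elif i + 1 >= len(data):
            break  # truncated command at the end of the segment
        elif data[i + 1] == IAC:
            out.append(IAC)  # escaped literal 0xFF
            i += 2
        elif data[i + 1] in NEGOTIATION:
            i += 3  # IAC <verb> <option>
        elif data[i + 1] == SB:
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end == -1 else end + 2
        else:
            i += 2  # two-byte command such as IAC NOP
    return bytes(out)


def follow(segments, direction=None):
    """Join payloads in capture order; direction 'c' or 's' keeps one side."""
    joined = b"".join(strip_iac(p) for d, p in segments
                      if direction in (None, d))
    return joined.decode("ascii", errors="replace")

# Constructed capture ('s' = server->client, 'c' = client->server).
SAMPLE = [
    ("s", b"\xff\xfd\x18\xff\xfd\x20"),   # DO TERMINAL-TYPE, DO TERMINAL-SPEED
    ("c", b"\xff\xfb\x18\xff\xfc\x20"),   # WILL TERMINAL-TYPE, WONT TERMINAL-SPEED
    ("s", b"login: "),
    ("c", b"alice\r\n"),
    ("s", b"Password: "),
    ("c", b"example-pass\r\n"),           # placeholder value, sent in cleartext
    ("s", b"\r\n$ "),
    ("c", b"l"), ("s", b"l"), ("c", b"s"), ("s", b"s"),  # server repeats each character
]

if __name__ == "__main__":
    print(follow(SAMPLE))       # both directions, like Follow TCP Stream
    print(follow(SAMPLE, "c"))  # client side only
```

In the merged view the command `ls` shows up as `llss`, which is the doubling described in the bonus note; filtering on one direction removes it.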

This challenge was fairly easy, but it gave me the opportunity to show you the 'Follow TCP Stream' option.

See you soon for another challenge.
