Link to the challenge: Ethernet Frame
So in this challenge, you will need to find the confidential data hidden in the frame:
00 05 73 a0 00 00 e0 69 95 d8 5a 13 86 dd 60 00
00 00 00 9b 06 40 26 07 53 00 00 60 2a bc 00 00
00 00 ba de c0 de 20 01 41 d0 00 02 42 33 00 00
00 00 00 00 00 04 96 74 00 50 bc ea 7d b8 00 c1
d7 03 80 18 00 e1 cf a0 00 00 01 01 08 0a 09 3e
69 b9 17 a1 7e d3 47 45 54 20 2f 20 48 54 54 50
2f 31 2e 31 0d 0a 41 75 74 68 6f 72 69 7a 61 74
69 6f 6e 3a 20 42 61 73 69 63 20 59 32 39 75 5a
6d 6b 36 5a 47 56 75 64 47 6c 68 62 41 3d 3d 0d
0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 49 6e 73
61 6e 65 42 72 6f 77 73 65 72 0d 0a 48 6f 73 74
3a 20 77 77 77 2e 6d 79 69 70 76 36 2e 6f 72 67
0d 0a 41 63 63 65 70 74 3a 20 2a 2f 2a 0d 0a 0d
0a
In this challenge again, we can use Wireshark. However, no .pcap file is provided. But Wireshark is also able to import a hex dump and read it as frames. So let's do it. You just copy the bytes of the frame and paste them into a text file. Then you can go to Wireshark, File -> Import from hex dump. Then you select the file you just created, select offset: hexadecimal, and import...
And it doesn't work. Hmm. Apparently we don't have the right format. Let's check what the Wireshark hex dump format is.
We quickly find this: Wireshark Hex Dump Format
We notice that we need to specify the offset from the beginning of the file to the beginning of the new line. If you remember, when we tried to import our file before, we selected 'offset: hexadecimal'. So this probably means that the offset we have to write needs to be written as hexadecimal values. Let's try:
000000 00 05 73 a0 00 00 e0 69 95 d8 5a 13 86 dd 60 00
000010 00 00 00 9b 06 40 26 07 53 00 00 60 2a bc 00 00
000020 00 00 ba de c0 de 20 01 41 d0 00 02 42 33 00 00
000030 00 00 00 00 00 04 96 74 00 50 bc ea 7d b8 00 c1
000040 d7 03 80 18 00 e1 cf a0 00 00 01 01 08 0a 09 3e
000050 69 b9 17 a1 7e d3 47 45 54 20 2f 20 48 54 54 50
000060 2f 31 2e 31 0d 0a 41 75 74 68 6f 72 69 7a 61 74
000070 69 6f 6e 3a 20 42 61 73 69 63 20 59 32 39 75 5a
000080 6d 6b 36 5a 47 56 75 64 47 6c 68 62 41 3d 3d 0d
000090 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 49 6e 73
0000a0 61 6e 65 42 72 6f 77 73 65 72 0d 0a 48 6f 73 74
0000b0 3a 20 77 77 77 2e 6d 79 69 70 76 36 2e 6f 72 67
0000c0 0d 0a 41 63 63 65 70 74 3a 20 2a 2f 2a 0d 0a 0d
0000d0 0a
We have 16 bytes per line, and 16 in hexadecimal is 0x10. So on each new line we increment the offset by 16 bytes, that is by 0x10 (after 000090 comes 0000a0, not 000100). Let's save our file and try to import it with the same method as we tried at the beginning.
This time, it works, and we can see we have 1 frame.
0000 00 05 73 a0 00 00 e0 69 95 d8 5a 13 86 dd 60 00 ..s....i..Z...`.
0010 00 00 00 9b 06 40 26 07 53 00 00 60 2a bc 00 00 .....@&.S..`*...
0020 00 00 ba de c0 de 20 01 41 d0 00 02 42 33 00 00 ...... .A...B3..
0030 00 00 00 00 00 04 96 74 00 50 bc ea 7d b8 00 c1 .......t.P..}...
0040 d7 03 80 18 00 e1 cf a0 00 00 01 01 08 0a 09 3e ...............>
0050 69 b9 17 a1 7e d3 47 45 54 20 2f 20 48 54 54 50 i...~.GET / HTTP
0060 2f 31 2e 31 0d 0a 41 75 74 68 6f 72 69 7a 61 74 /1.1..Authorizat
0070 69 6f 6e 3a 20 42 61 73 69 63 20 59 32 39 75 5a ion: Basic Y29uZ
0080 6d 6b 36 5a 47 56 75 64 47 6c 68 62 41 3d 3d 0d mk6ZGVudGlhbA==.
0090 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 49 6e 73 .User-Agent: Ins
We can see some data at the end of the frame. Let's look at it:
Authorization: Basic Y29uZmk6ZGVudGlhbA==
This seems to me like an authentication mechanism. After googling it, we find this page: HTTP Auth. It looks exactly like what we have, except for the data after Basic. This could be the credentials. We noticed in the previous link that 'Basic' auth does not encrypt the credentials, but encodes them using base64. If we want to get the flag, we need to find how to decode the base64, but this will be your job now.
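As an added example (not part of the original write-up), this Python sketch rebuilds the offset-prefixed dump from the raw bytes and walks the Ethernet II, IPv6 and TCP headers to locate the HTTP payload, leaving the base64 token undecoded. The function names are hypothetical, and it assumes an untagged frame with no IPv6 extension headers, which holds for this frame.

```python
import struct
# Added example; helper names are illustrative. Frame bytes as printed above.
FRAME_HEX = """
00 05 73 a0 00 00 e0 69 95 d8 5a 13 86 dd 60 00
00 00 00 9b 06 40 26 07 53 00 00 60 2a bc 00 00
00 00 ba de c0 de 20 01 41 d0 00 02 42 33 00 00
00 00 00 00 00 04 96 74 00 50 bc ea 7d b8 00 c1
d7 03 80 18 00 e1 cf a0 00 00 01 01 08 0a 09 3e
69 b9 17 a1 7e d3 47 45 54 20 2f 20 48 54 54 50
2f 31 2e 31 0d 0a 41 75 74 68 6f 72 69 7a 61 74
69 6f 6e 3a 20 42 61 73 69 63 20 59 32 39 75 5a
6d 6b 36 5a 47 56 75 64 47 6c 68 62 41 3d 3d 0d
0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 49 6e 73
61 6e 65 42 72 6f 77 73 65 72 0d 0a 48 6f 73 74
3a 20 77 77 77 2e 6d 79 69 70 76 36 2e 6f 72 67
0d 0a 41 63 63 65 70 74 3a 20 2a 2f 2a 0d 0a 0d
0a
"""

def to_offset_dump(hex_text, width=16):
    """Return (frame, text); each text line starts with its hex offset."""
    frame = bytes.fromhex(hex_text)  # fromhex ignores spaces and newlines
    lines = [f"{off:06x} {frame[off:off + width].hex(' ')}"
             for off in range(0, len(frame), width)]
    return frame, "\n".join(lines) + "\n"

def tcp_payload(frame):
    """Walk Ethernet II -> IPv6 -> TCP; return (offset, payload bytes)."""
    if struct.unpack_from("!H", frame, 12)[0] != 0x86DD:
        raise ValueError("EtherType is not IPv6")
    payload_len, next_header = struct.unpack_from("!HB", frame, 14 + 4)
    if next_header != 6:  # assumption: no IPv6 extension headers
        raise ValueError("IPv6 next header is not TCP")
    end = 14 + 40 + payload_len
    if end > len(frame):
        raise ValueError("frame shorter than IPv6 payload length")
    start = 54 + (frame[54 + 12] >> 4) * 4  # data offset is in 32-bit words
    return start, frame[start:end]

def authorization(frame):
    """Return (scheme, token) of the Authorization header, token undecoded."""
    for line in tcp_payload(frame)[1].split(b"\r\n"):
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"authorization":
            scheme, _, token = value.strip().partition(b" ")
            return scheme.decode(), token.decode()
    return None
if __name__ == "__main__":
    print(to_offset_dump(FRAME_HEX)[1], end="")
```

Run as a script, it prints the text to save and import with offset: hexadecimal.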
Tips: You can find useful tools online.
I hope this helped you understand a bit how HTTP authentication works, and how insecure it can be.
Let me know if you have any questions or comments about this challenge. Thank you.
thank you for this
thank you very much