No more kid's play
Description
150pts
You are called into a school board meeting; some police cyber unit officers are present. Everybody is dead serious.
It appears it was NOT a kid hacking the school systems; instead, an actual hacker used the school's infrastructure to plan and carry out attacks against other targets.
School IT gave you the packet capture from the computer that the attacker was using to hack the SQL server.
IT analysed the file and identified that some traffic was tunneled out of the school network. They could not identify what it was.
Can you help the authorities track the mysterious attacker?
Question
Can you identify the tunneling protocol and decode the data?
http://shared.target05/school-noc-dump.pcapng
Solution
I opened the pcap file in Wireshark and poked around. I checked through the protocols which were used, but didn't find anything interesting there. Then I started to follow TCP streams and found an interesting message in TCP stream ID 5. That message even contained a guide on how to extract the correct flag. I used that rule and found the flag.
Tools
Wireshark