Zhongke panyun-2022 Guangdong Trojan horse information acquisition and analysis
2022-07-04 04:59:00 【Beluga】
Trojan information acquisition
If you need the packet capture, send me a private message.
1. Download wire0077.pcap from the target server's FTP, analyze the file, find the protocol the hacker used, and submit the protocol name.
At first this question is just "which protocol is it", but I could not see much. Only when doing the second question did I learn it is SMTP. This is also a problem-solving skill: when earlier and later questions are related, the answer can be deduced from the later one.
2. Analyze the file, find the zip archive the hacker obtained, and submit the file name of the archive.
Because the answer to the first question was not yet determined, this could not be done directly by filtering on the application-layer protocol, but the transport layer can be used. After all, the transport layer is either UDP or TCP, and these protocols basically all use TCP.
Filter the TCP packets for ones containing the keyword zip. This is a last resort, since the first question could not be done.
Follow the TCP stream to find the suspicious target; the answer was accepted on submission.
3. Analyze the file, find the sensitive files the hacker obtained, and submit the file name of the sensitive file.
Knowing the protocol is SMTP, I looked there first. After reading for a while I found a suspicious target; filtering on the protocol imf lists all of the files.
Then try submitting. The nasty part here is that the names of the two image files are almost identical, so pay attention.
4. Analyze the file, find the sensitive files the hacker obtained, and submit the time at which the sensitive file was leaked.
Go directly to the packet found in the previous question; the time is in the header.
5. Analyze the file, find the sensitive files the hacker obtained, and submit the folder name leaked in the sensitive file.
There is a small trap in this question. It asks for the name of the folder leaked in the sensitive file, and the sensitive file is actually a picture; once the picture is restored, the answer is visible.
Because the line breaks and the encoding have to be dealt with, I wrote a simple program to do it.
The folder name in the picture is the answer.
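As an added example (not the author's program, and not taken from the competition capture), this Python script does the work of questions 2 to 5 on one SMTP message as it appears in Wireshark's "Follow TCP Stream" view: it reads the attachment file name, the Date header, and decodes the CRLF-wrapped base64 body back into the attachment bytes. The message, the addresses, the file name secret.zip and the folder name inside the attachment are all constructed sample data.

```python
import base64
import email
from email import policy
from email.utils import parsedate_to_datetime

# Constructed stand-in for the leaked attachment (a real capture would carry the
# hacker's zip or picture); the folder name inside plays the role of the answer.
ATTACHMENT_BYTES = b"PK\x03\x04 constructed zip stand-in, folder=Finance_2022/\n"

def wrap_b64_crlf(data: bytes) -> bytes:
    """Base64 the way SMTP carries it: 76-column lines terminated by CRLF."""
    return base64.encodebytes(data).replace(b"\n", b"\r\n")

# Constructed IMF message for one SMTP DATA block (sample data, not the
# competition capture): headers, then a base64 attachment part.
SAMPLE_IMF = (
    b"From: attacker@example.invalid\r\n"
    b"To: drop@example.invalid\r\n"
    b"Date: Mon, 23 May 2022 10:15:30 +0800\r\n"
    b"Subject: data\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="B1"\r\n'
    b"\r\n"
    b"--B1\r\n"
    b'Content-Type: application/zip; name="secret.zip"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b'Content-Disposition: attachment; filename="secret.zip"\r\n'
    b"\r\n"
    + wrap_b64_crlf(ATTACHMENT_BYTES) +
    b"--B1--\r\n"
)

def decode_wrapped_base64(text: bytes) -> bytes:
    """The line-break problem from question 5: base64 copied out of a stream
    contains CR/LF; remove all whitespace first so decoding does not depend
    on how lenient the decoder happens to be."""
    return base64.b64decode(b"".join(text.split()))

def extract_smtp_attachments(raw: bytes):
    """Return (Date header as datetime, [(filename, bytes), ...]) for one IMF message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sent = parsedate_to_datetime(msg["Date"])          # question 4: leak time
    files = []
    for part in msg.iter_attachments():
        # get_payload(decode=True) undoes the CRLF-wrapped base64 for us
        files.append((part.get_filename(), part.get_payload(decode=True)))
    return sent, files

if __name__ == "__main__":
    when, files = extract_smtp_attachments(SAMPLE_IMF)
    print(when.isoformat(), [(n, d[:32]) for n, d in files])
```

For a real capture, paste the DATA block of the suspicious stream (from "Follow TCP Stream", shown as raw) into a file and pass its bytes to extract_smtp_attachments; the decoded bytes can then be written out and opened as the picture or archive.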