Zhongke panyun-2022 Guangdong Trojan horse information acquisition and analysis
2022-07-04 04:59:00 【Beluga】
Trojan information acquisition
If you need the packet capture, send me a private message.
1. Download wire0077.pcap from the FTP service on the target server, analyze the file, find the protocol used by the hacker, and submit the protocol name.
At first this question only asks which protocol is involved, and I could not tell much from the capture. Once you do the second question, you know it is SMTP. This is also a problem-solving technique: when the questions are related, an earlier answer can be deduced from a later one.

2. Analyze the file, find the zip archive the hacker obtained, and submit the file name of the archive.
Because the answer to the first question was not yet determined, the application-layer protocol could not be used as a filter directly, but the transport layer could. After all, the transport layer is either UDP or TCP, and TCP is what is basically used.
Filter for TCP packets that contain the keyword zip. This is a fallback, since the first question could not be answered yet.

Follow the TCP stream to find the suspicious target. The answer was correct after submission.

3. Analyze the file, find the sensitive file the hacker obtained, and submit the file name of the sensitive file.
Knowing that the protocol is SMTP, I looked at that traffic first. After reading for some time, I found a suspicious protocol, imf. Filtering on it lists all the files.

Then try submitting. The catch here is that the names of two image files are almost the same, so pay attention.
4. Analyze the file, find the sensitive file the hacker obtained, and submit the time at which the sensitive file was leaked.
Go directly to the packet found in the previous question. The time is in the header.

5. Analyze the file, find the sensitive file the hacker obtained, and submit the folder name leaked in the sensitive file.
There is a small trap in this question. It asks for the folder name leaked in the sensitive file, and the sensitive file is actually a picture. Once it is restored, the answer is there.
Because line breaks and encoding have to be handled, I wrote a simple program to do it.

The folder name in the picture is the answer.
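One way to restore attachments from the SMTP message for questions 3 to 5, as an added example (not the author's program, which the page does not show). It assumes the input is a single message copied from the followed TCP stream, from the first header line to the closing "." line; the sample message, file names and date are constructed.

```python
import base64
import hashlib
from email import message_from_bytes, policy

MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg", b"PK\x03\x04": "zip"}

def unstuff(data: bytes) -> bytes:
    """Undo SMTP dot-stuffing and cut at the end-of-data line (RFC 5321, 4.5.2)."""
    out = []
    for line in data.replace(b"\r\n", b"\n").split(b"\n"):
        if line == b".":
            break
        out.append(line[1:] if line.startswith(b".") else line)
    return b"\r\n".join(out)

def extract(data: bytes):
    """Return (Date header, attachments) from one message copied out of the stream."""
    msg = message_from_bytes(unstuff(data), policy=policy.default)
    found = []
    for part in msg.walk():
        name = part.get_filename()
        if name is None:
            continue
        body = part.get_payload(decode=True)  # joins wrapped lines, decodes base64
        kind = next((k for m, k in MAGIC.items() if body.startswith(m)), "unknown")
        found.append({"name": name, "kind": kind, "data": body,
                      "sha256": hashlib.sha256(body).hexdigest()})
    return str(msg["Date"]), found

def sample_data() -> bytes:
    """Constructed sample: two attachments with nearly identical names."""
    blobs = (("report.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 100),
             ("rep0rt.png", b"\xff\xd8\xff\xe0" + b"\x01" * 100))
    text = ("Date: Mon, 01 Jan 2001 00:00:00 +0000\r\nMIME-Version: 1.0\r\n"
            'Content-Type: multipart/mixed; boundary="B"\r\n\r\n')
    for name, blob in blobs:
        b64 = base64.encodebytes(blob).decode().replace("\n", "\r\n")
        text += ("--B\r\nContent-Type: application/octet-stream\r\n"
                 f'Content-Disposition: attachment; filename="{name}"\r\n'
                 "Content-Transfer-Encoding: base64\r\n\r\n" + b64)
    return (text + "--B--\r\n.\r\n").encode()

if __name__ == "__main__":
    date, files = extract(sample_data())
    print(date)
    for f in files:
        print(repr(f["name"]), f["kind"], len(f["data"]), f["sha256"][:16])
```

Printing each name with `repr`, the detected type and a hash makes two nearly identical file names easy to tell apart before writing `data` to disk and opening the picture.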
