Zhongke panyun-2022 Guangdong Trojan horse information acquisition and analysis
2022-07-04 04:59:00 【Beluga】
Trojan information acquisition
Message me privately if you need the packet capture.
1. Download wire0077.pcap from the target server's FTP service, analyze the file, identify the protocol the attacker used, and submit the protocol name.
At first I looked at which protocols appear in the capture, but did not notice much. Only when working on question 2 did it become clear that the answer is SMTP. This is also a general problem-solving technique: when the questions build on each other, the earlier answer can often be deduced from the later ones.

2. Analyze the file, find the zip archive the attacker obtained, and submit the archive's file name.
Because the answer to question 1 was still unknown, the search could not be narrowed by application-layer protocol. It can, however, be narrowed at the transport layer: that layer is either UDP or TCP, and file transfers almost always ride on TCP.
So filter for TCP packets that contain the keyword zip (the Wireshark display filter tcp contains "zip"). This is a fallback, since question 1 could not be solved directly.

Following the TCP stream of the hit reveals the suspicious target; the answer was accepted on submission.

3. Analyze the file, find the sensitive file the attacker obtained, and submit the sensitive file's name.
Knowing the protocol is SMTP, I first looked through the SMTP traffic; after a while I noticed the suspicious protocol imf (Internet Message Format, the mail message Wireshark reassembles from the SMTP DATA section). Filtering on imf lists every message and, with it, every transferred file.

Then submit. One catch: two image files have almost identical names, so check carefully.
4. Analyze the file, find the sensitive file the attacker obtained, and submit the time at which the sensitive file was leaked.
Open the packet found in the previous question: the mail header carries the time.

5. Analyze the file, find the sensitive file the attacker obtained, and submit the folder name leaked in the sensitive file.
There is a small trap here. The question asks for a folder name leaked in the sensitive file, and the sensitive file is actually an image, so the image has to be restored (carved out of the capture) before the answer can be read.
Because the line breaks and the encoding of the attachment have to be dealt with, I wrote a small program to do it.

The folder name visible in the restored image is the answer.
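As an added example (not the author's program, which the page does not show), the Python script below performs the restoration step described above on a constructed SMTP stream. It takes the client side of the session as Wireshark's "Follow TCP Stream" would present it, cuts out the DATA section, undoes SMTP dot-stuffing, lets the standard email parser decode the base64 attachment that is wrapped across lines, and reads the Date header that question 4 asks for. Everything in the sample is made up: the addresses, the message, the attachment name loot.zip and the folder confidential_docs. The page's sensitive file is an image, so there the folder name is read off the picture; here it is read from the archive listing of a decoded ZIP instead.

```python
import base64
import io
import zipfile
from email import message_from_bytes, policy
from email.utils import parsedate_to_datetime


def build_sample_stream() -> bytes:
    """Constructed client-side SMTP session (assumed data, not from the capture).

    The attachment is a small ZIP built in memory whose only entry sits in a
    folder, so a "leaked folder name" can be read from the archive listing.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("confidential_docs/plan.txt", "internal only\n")
    # encodebytes wraps at 76 columns: the line-break problem from the post
    b64_lines = base64.encodebytes(buf.getvalue()).decode().splitlines()
    message = [
        "From: attacker@example.com",
        "To: drop@example.net",
        "Subject: exfil",
        "Date: Mon, 04 Jul 2022 04:59:00 +0800",
        "MIME-Version: 1.0",
        'Content-Type: multipart/mixed; boundary="BOUNDARY"',
        "",
        "--BOUNDARY",
        "Content-Type: text/plain",
        "",
        "see attachment",
        ".a body line starting with a dot, which SMTP dot-stuffs on the wire",
        "--BOUNDARY",
        'Content-Type: application/zip; name="loot.zip"',
        "Content-Transfer-Encoding: base64",
        'Content-Disposition: attachment; filename="loot.zip"',
        "",
        *b64_lines,
        "--BOUNDARY--",
    ]
    # RFC 5321 4.5.2: a line beginning with "." gets a second "." prepended
    stuffed = [("." + ln) if ln.startswith(".") else ln for ln in message]
    session = [
        "EHLO attacker-host",
        "MAIL FROM:<attacker@example.com>",
        "RCPT TO:<drop@example.net>",
        "DATA",
        *stuffed,
        ".",  # end-of-data marker
        "QUIT",
    ]
    return "\r\n".join(session).encode() + b"\r\n"


def extract_message(stream: bytes) -> bytes:
    """Cut the RFC 5322 message out of the client half of an SMTP stream.

    Everything between the DATA command and the lone "." terminator is the
    message; dot-stuffing is undone and CRLF endings are kept for the parser.
    """
    lines = stream.split(b"\r\n")
    try:
        start = lines.index(b"DATA") + 1
    except ValueError:
        raise ValueError("no DATA command in stream") from None
    body = []
    for line in lines[start:]:
        if line == b".":
            break
        body.append(line[1:] if line.startswith(b".") else line)
    else:
        raise ValueError("DATA section is not terminated")
    return b"\r\n".join(body) + b"\r\n"


def parse_exfil(stream: bytes):
    """Return (Date header as datetime, {filename: decoded attachment bytes})."""
    msg = message_from_bytes(extract_message(stream), policy=policy.default)
    sent_at = parsedate_to_datetime(str(msg["Date"]))
    # get_payload(decode=True) undoes the base64 and ignores the line wrapping
    attachments = {
        part.get_filename(): part.get_payload(decode=True)
        for part in msg.iter_attachments()
    }
    return sent_at, attachments


def top_level_folders(zip_bytes: bytes) -> list:
    """Top-level folder names inside a decoded ZIP attachment."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return sorted({name.split("/")[0] for name in zf.namelist() if "/" in name})


if __name__ == "__main__":
    when, files = parse_exfil(build_sample_stream())
    print("sent:", when.isoformat())
    for name, data in files.items():
        print(name, len(data), "bytes, folders:", top_level_folders(data))
```

To use it on a real capture, follow the suspicious TCP stream in Wireshark, show only the client-to-server direction, save it as raw bytes, and pass those bytes to parse_exfil. The extraction assumes the server's numeric replies are not interleaved in the input, so a stream saved with both directions must be split first. An image attachment is handled the same way; the decoded bytes are simply written to disk instead of being opened as a ZIP.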
