Wireshark data analysis and forensics a.pacapng

Wireshark（ Pre name Ethereal） Is a network packet analysis software . The function of network packet analysis software is to retrieve network packets , At the same time, the most detailed network packet data is displayed .Wireshark Use WinPCAP As an interface , Data message exchange with network card directly .

wireshark Introduction to ：

Suppose you are a network security engineer , Need to analyze the data of a company , Analyze the operations performed by hackers to obtain computer permissions , In this chapter, we mainly analyze the key data by analyzing the case data package .

A.pacapng Data packets

1. Through analysis windows 7 Packets on the desktop A.pcapng, Find the password for the hacker to connect the Trojan horse in one sentence , Use this password as FLAG Submit ;

Screening http agreement ctrl+F Search for keyword @eval

2. Through analysis windows 7 Packets on the desktop A.pcapng, View call upload one sentence Trojan file ;

aaaa.php

3. By analyzing the data package A.pcapng, Find the range of network segments scanned by hackers （IP In between ”,” separate , example ：192.168.1.1-192.168.1.2） Use this range as FLAG Submit ;

Screening arp agreement spot Info Sort out Here we are 31 But it was swept 30 Start connecting the Trojan horse To be specific, try again during the competition .

192.168.10.10-192.168.10.30

4. By analyzing the data package A.pcapng, What is the password to find the domain server , Use this password as FLAG Submit ;

163.com

5. By analyzing the data package A.pcapng, Find the file uploaded by the hacker and use the name as FLAG Submit ;

6. By analyzing the data package A.pcapng, Find out what the hacker downloaded , Treat the contents of this file as FLAG Submit ;

Put the packet into kaili Use binwalk -e To separate

Use crunch Make a dictionary and insert it into the current directory passwd1.txt Next Use fcrackzip Blast zip The password for encrypting the file is DBOQ6457

flag{friday}

If you don't know the place, you can confide in the blogger , Welcome to exchange ！！ Communication group ：603813289（ Just built ）

Finally, if it helps you I hope you can support the blogger for the third company , Your support is my greatest motivation , Reprint please indicate the original link support original thank you ！