Changes

Gits2012teaser

485 bytes added, 13:23, 8 January 2012
/* #1 TelAviv */
== #1 TelAviv ==
 
=== Question ===
What is the password? ([[Media:7139a4ea239dcac655f7c38ca6a77b61.bin|File]])<br>
Hint: TeLaViv+ is a packet forensics challenge.
 
=== Solution ===
 
The file 7139a4ea239dcac655f7c38ca6a77b61.bin is a regular pcap file which contains a single TCP session.
 
[[Image:gist-telaviv-tcp-session.png]]
 
The client sends 245 bytes to the server as an authentification mechanism (red data in the screenshot). The actual data is composed of multiple parts:
 
* "GitS", probably some dummy data
* a NULL byte
* "Plague", potential username
* 233 remaining bytes, this is the actual password we're looking for
== #2 AL's Revenge ==
511
edits