[Forensics] Marshal in the Middle

Hey guys, i've been working on Marshal in the Middle and have seen the dump showing what data was taken and I was assuming the flag would have been in there, but doesn't seem to work. Hoping someone can throw me a hint, not an answer

Kronos

«134

Comments

  • Nvm ignore this, this never happened.

    Kronos

  • edited March 2018

    Spoiler Removed - Arrexel

  • I think u should edit your spoiler.
    and yes.
  • For some reason it seems I can not edit my post... Thanks for confirming the direction I took though ^_^

  • edited June 2018

    @dotan3 said:
    I started working on this challenge but feel really dumb. Here is what I found so far:

    *** PROBABLE SPOILER ***

    Spoiler Removed - Arrexel

    You are in the right direction. Think of what you are looking for, how it will look like and what makes it important, you'll catch it. keep going.

    Hack The Box

  • edited March 2018

    Spoiler Removed - Arrexel

  • NM. I got it. Thanks. I guess I was just looking a little too hard. :-/

  • That's where I'm stuck. I can see the actual exfiltration occur, but not seeing the flag...

    Hack The Box

  • Me too. Can someone PM?

  • animal1111, PM'd you. d3c3pt10n. just like when you're lost in the woods: find a stream and follow it.

    the flag is in plain sight but you do have to dig into the data. As I mentioned to anima1111 - this was my first puz so I had no idea what to look for. It really is obvious when you see it.

    Happy Hunting

  • Thanks for the hint grauwulf. Unfortunately, I have followed the stream and saw what took place, but I have been unsuccessful in the flag input part.

  • @anima1111 said:
    Thanks for the hint grauwulf. Unfortunately, I have followed the stream and saw what took place, but I have been unsuccessful in the flag input part.

    Perhaps you are using the wrong 'spectacles' to look at the encrypted data.

  • Need some nudge all above already tried ...

  • you already got what you need @imrnrza
    there's a big spoiler on above comment (which is quoted by @briyani)
    while there's a google on how you can solve this challenge.

    Hack The Box

  • The impact of the work done by Diffie-Hellman is absolutely Not Ephemeral ;)

  • I'm struggling with this one too. Pretty sure I found the exfiltrated data but not able to locate the flag. Can someone help me out? PM to avoid spoilers.

  • Will this challenge end in a standard flag? I believe I know what is ex filled wondering if we need to crack any of the data. Trying not to give away any spoilers. I have a stream the stream shows some commands gathering some sensitive data and sending it off. i dont have a forensics background, just taking a shot from the knowledge i have and some classes I have taken.

  • @genxweb you have a lead, just follow it. You have everything you need already.

    rotarydrone
    OSCP

  • I think I also solved it. I could decrypt the messages from the attacker and read the sensible data, but I cannot find the correct flag. Can someone help me to find the exact flag.

  • @genxweb said:
    Will this challenge end in a standard flag? I believe I know what is ex filled wondering if we need to crack any of the data. Trying not to give away any spoilers. I have a stream the stream shows some commands gathering some sensitive data and sending it off. i dont have a forensics background, just taking a shot from the knowledge i have and some classes I have taken.

    I've got the trail of our guy but it looks like I can get the first and the second part of something but not the third part and I'm sure that the third part has the juice.

  • Yeah Iam stuck there on the in the middle part. found the sensitive data and where it came from then looked there and think i have the packet but for some reason that packet does not seem to decode.

  • By any chance is the legible? like in the format of HTB{Blah}? I found where it looks to be posting the contents of a well known file from /etc/* and the break down of the cert. Any particular area that should be looked at more?

  • BTW which version of Wireshark did you guys use? I have 2.4.5 on my box and I believe there might be a bug with the challenge on that version

  • @k4r4koyun said:
    BTW which version of Wireshark did you guys use? I have 2.4.5 on my box and I believe there might be a bug with the challenge on that version

    The challenge is bugged. Do not try to do this one with up-to-date Wireshark installed in Kali Linux. I have downloaded Wireshark 2.1.1 from their site on my Windows computer and the flag is there.

  • Hi @k4r4koyun , I tested on Version 2.4.5 (Git v2.4.5 packaged as 2.4.5-1) on Kali 64 bit, and everything worked properly. Perhaps something was misconfigured?

    rotarydrone
    OSCP

  • @rotarydrone said:
    Hi @k4r4koyun , I tested on Version 2.4.5 (Git v2.4.5 packaged as 2.4.5-1) on Kali 64 bit, and everything worked properly. Perhaps something was misconfigured?

    Don't think so, I didn't change settings of my wireshark but decryption on my Kali was problematic. Can't really say much from here without spoiling

  • i have a question about this challange. can anyone pm me ?

  • I got some information about the pastebin, the traffic. But the flag is not there. I think the flag is in another flow of information, I got the content but I can't put this in a plain text. Could someone let me a hint?

    andremilke

  • I got it.

    andremilke

  • Stuck too, found out the session invoking the exfil, also the likely related POSTs, but can't figure out how to make use of the private key? Anyone mind nudging me towards how to try better?

    osku
    OSCP

Sign In to comment.