Hey guys, I've been working on Marshal in the Middle and have seen the dump showing what data was taken, and I was assuming the flag would have been in there, but it doesn't seem to work. Hoping someone can throw me a hint, not an answer.
Comments
Nvm ignore this, this never happened.
Spoiler Removed - Arrexel
and yes.
For some reason it seems I can not edit my post... Thanks for confirming the direction I took though ^_^
You are in the right direction. Think of what you are looking for, how it will look like and what makes it important, you'll catch it. keep going.
Spoiler Removed - Arrexel
NM. I got it. Thanks. I guess I was just looking a little too hard. :-/
That's where I'm stuck. I can see the actual exfiltration occur, but not seeing the flag...
Me too. Can someone PM?
anima1111, PM'd you. d3c3pt10n. just like when you're lost in the woods: find a stream and follow it.
the flag is in plain sight but you do have to dig into the data. As I mentioned to anima1111 - this was my first puz so I had no idea what to look for. It really is obvious when you see it.
Happy Hunting
Thanks for the hint grauwulf. Unfortunately, I have followed the stream and saw what took place, but I have been unsuccessful in the flag input part.
Perhaps you are using the wrong 'spectacles' to look at the encrypted data.
Need some nudge all above already tried ...
you already got what you need @imrnrza
there's a big spoiler on above comment (which is quoted by @briyani)
while there's a google on how you can solve this challenge.
The impact of the work done by Diffie-Hellman is absolutely Not Ephemeral
I'm struggling with this one too. Pretty sure I found the exfiltrated data but not able to locate the flag. Can someone help me out? PM to avoid spoilers.
Will this challenge end in a standard flag? I believe I know what is exfilled; wondering if we need to crack any of the data. Trying not to give away any spoilers. I have a stream; the stream shows some commands gathering some sensitive data and sending it off. I don't have a forensics background, just taking a shot from the knowledge I have and some classes I have taken.
@genxweb you have a lead, just follow it. You have everything you need already.
I think I also solved it. I could decrypt the messages from the attacker and read the sensible data, but I cannot find the correct flag. Can someone help me to find the exact flag.
I've got the trail of our guy but it looks like I can get the first and the second part of something but not the third part and I'm sure that the third part has the juice.
Yeah, I am stuck there on the in the middle part. Found the sensitive data and where it came from, then looked there and think I have the packet, but for some reason that packet does not seem to decode.
By any chance is the legible? like in the format of HTB{Blah}? I found where it looks to be posting the contents of a well known file from /etc/* and the break down of the cert. Any particular area that should be looked at more?
BTW which version of Wireshark did you guys use? I have 2.4.5 on my box and I believe there might be a bug with the challenge on that version
The challenge is bugged. Do not try to do this one with up-to-date Wireshark installed in Kali Linux. I have downloaded Wireshark 2.1.1 from their site on my Windows computer and the flag is there.
Hi @k4r4koyun, I tested on Version 2.4.5 (Git v2.4.5 packaged as 2.4.5-1) on Kali 64 bit, and everything worked properly. Perhaps something was misconfigured?
Don't think so, I didn't change settings of my wireshark but decryption on my Kali was problematic. Can't really say much from here without spoiling
I have a question about this challenge. Can anyone PM me?
I got some information about the pastebin, the traffic. But the flag is not there. I think the flag is in another flow of information, I got the content but I can't put this in a plain text. Could someone let me a hint?
I got it.
Stuck too, found out the session invoking the exfil, also the likely related POSTs, but can't figure out how to make use of the private key? Anyone mind nudging me towards how to try better?