[Forensics] Marshal in the Middle

By any chance is the legible? Like in the format of HTB{Blah}? I found where it looks to be posting the contents of a well-known file from /etc/* and the breakdown of the cert. Any particular area that should be looked at more?

BTW which version of Wireshark did you guys use? I have 2.4.5 on my box and I believe there might be a bug with the challenge on that version

@k4r4koyun said:
BTW which version of Wireshark did you guys use? I have 2.4.5 on my box and I believe there might be a bug with the challenge on that version

The challenge is bugged. Do not try to do this one with up-to-date Wireshark installed in Kali Linux. I have downloaded Wireshark 2.1.1 from their site on my Windows computer and the flag is there.

Hi @k4r4koyun, I tested on Version 2.4.5 (Git v2.4.5 packaged as 2.4.5-1) on Kali 64 bit, and everything worked properly. Perhaps something was misconfigured?

@rotarydrone said:
Hi @k4r4koyun, I tested on Version 2.4.5 (Git v2.4.5 packaged as 2.4.5-1) on Kali 64 bit, and everything worked properly. Perhaps something was misconfigured?

Don’t think so, I didn’t change the settings of my Wireshark, but decryption on my Kali was problematic. Can’t really say much from here without spoiling.

I have a question about this challenge. Can anyone PM me?

I got some information about the pastebin, the traffic. But the flag is not there. I think the flag is in another flow of information. I got the content but I can’t put this in plain text. Could someone give me a hint?

I got it.

Stuck too, found out the session invoking the exfil, also the likely related POSTs, but can’t figure out how to make use of the private key? Anyone mind nudging me towards how to try better?

Never mind… and facepalm… it was obvious when I just looked at it.

That was like a WTF ahaahahha moment when I got it.

I found the Api_post_code in Wireshark, but how do I find the flag?

Found plaintext data of user’s actions but cannot seem to find the flag …

I got the API request to the pastebin with confidential information, but putting those in as the flag is not working anymore. Can someone please help here?

Finally!!! Got it. It was an awesome challenge, guys.

I loved this challenge!

Took me too long but I finally got it. The tools I need are right in front of me… =)

I have the evidence of the exfil and the person deleting their tracks… can’t find the flag though! Can someone give me a clue from here?

bump

I am unable to understand some of the data… like there seem to be some strings which don't make sense… Can I PM somebody? This is my first challenge.