Opening the capture in Wireshark reveals a lot of DNS traffic (and 4 ARP requests): it definitely looks like a DNS tunnel.
Sunday, October 31, 2010
Hack.lu CTF - Challenge 9 "bottle" writeup, extracting data from an iodine DNS tunnel
Challenge #9 entitled "bottle" was original and worth its 500 points. We were given the following network capture and instructed to find a message.
Opening the capture in Wireshark reveals a lot of DNS traffic (and 4 ARP requests): it definitely looks like a DNS tunnel.
Opening the capture in Wireshark reveals a lot of DNS traffic (and 4 ARP requests): it definitely looks like a DNS tunnel.
Saturday, October 30, 2010
Hack.lu CTF - sscat writeup
Last week was hack.lu 2010 security conference as well a high quality CTF organized by fluxfingers CTF team. Again I played with Nibbles and we ended 2nd as you can see on the final scoreboard and my usual graphs (made possible thanks to fluxfingers).
Challenge 20 was a very nice exploitation level. We were given an SSH with a setuid binary called sscat (standing for Serious Substition Cipher Analysis Tool) - with source. We had to exploit the program in order to read the flag file.
Challenge 20 was a very nice exploitation level. We were given an SSH with a setuid binary called sscat (standing for Serious Substition Cipher Analysis Tool) - with source. We had to exploit the program in order to read the flag file.