Baby's First Forensics
by sealldev
Baby's First Forensics / DownUnderCTF 2024

Original Writeup on seall.dev
We are given a .pcap file.
I open it in Wireshark and get to work. I see HTTP traffic, so I start by filtering by http
and following the HTTP stream.
In the User-Agent header of the HTTP stream we can see this: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:getinfo)
Flag: DUCTF{Nikto_2.1.6}
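
The same check can be scripted instead of clicked through in Wireshark. The following is an added example, not part of the original writeup: it reads a classic little-endian pcap of Ethernet/IPv4/TCP frames, tallies every HTTP User-Agent, and reports Nikto versions by request count. The function names, the sample builder, the addresses and the curl User-Agent are assumptions constructed for the demo; only the Nikto User-Agent string comes from the capture.

```python
import re
import struct
from collections import Counter

# Nikto's User-Agent shape as seen in this capture: "Mozilla/5.00 (Nikto/<version>) ..."
NIKTO_RE = re.compile(r"\(Nikto/([\d.]+)\)")
NIKTO_UA = "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:getinfo)"  # from the writeup

def http_user_agents(pcap: bytes) -> Counter:
    """Count User-Agent values in a classic little-endian pcap (Ethernet/IPv4/TCP)."""
    if len(pcap) < 24 or struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected a classic little-endian pcap")
    if struct.unpack_from("<I", pcap, 20)[0] != 1:
        raise ValueError("expected Ethernet link type")
    agents, off = Counter(), 24                    # records follow the 24-byte file header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                               # keep only IPv4 carrying TCP
        tcp = 14 + (frame[14] & 0x0F) * 4          # skip Ethernet header and IP header
        if len(frame) < tcp + 20:
            continue                               # truncated TCP header
        payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:]
        m = re.search(rb"\r\nUser-Agent: ([^\r\n]*)", payload, re.I)
        if m:
            agents[m.group(1).decode("latin-1")] += 1
    return agents

def nikto_versions(agents: Counter) -> dict:
    """Map Nikto version -> number of requests whose User-Agent matches NIKTO_RE."""
    hits = Counter()
    for ua, count in agents.items():
        m = NIKTO_RE.search(ua)
        if m:
            hits[m.group(1)] += count
    return dict(hits)

def build_sample_pcap(user_agents) -> bytes:
    """Constructed sample data: one GET request per User-Agent, checksums left at zero."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ua in user_agents:
        http = f"GET / HTTP/1.1\r\nHost: example.test\r\nUser-Agent: {ua}\r\n\r\n".encode()
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40 + len(http), 0, 0, 64, 6, 0,
                         b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
        tcp = struct.pack(">HHIIBBHHH", 40000, 80, 0, 0, 0x50, 0x18, 8192, 0, 0)
        frame = bytes(12) + b"\x08\x00" + ip + tcp + http
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

SAMPLE = build_sample_pcap([NIKTO_UA, "curl/8.0.1", NIKTO_UA])  # constructed capture
```

A pcapng file or a capture with a different link type is rejected with ValueError rather than parsed incorrectly; convert it to classic pcap first.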