TAMUctf 18 Writeup: ClandestineEnforced

Scenario - ClandestineEnforced

This was a series of fun OSINT and recon challenges involving phishing emails, social media, image analysis, pcaps, and password hashes. It is also a great introduction to some reliable and simple techniques, so enjoy!

01_Phishing

Q: List the emails that are phishing in numerical order (5,6,7,etc)
A: 1,2

These phishing emails give us our first links to the attacker infrastructure.
Always inspect the links before clicking: the visible link text and the real href target are often not the same thing.
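One way to do that inspection mechanically, as an added example (not part of the original writeup and not the challenge emails): parse an HTML email with the standard library and flag anchors whose displayed URL points at a different host than the href, or whose href is a bare IP address. The message below is constructed for the example; the hosts and IP in it are placeholders.

```python
"""Flag anchors whose visible URL does not match the real target (added example)."""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; the real challenge emails are not reproduced here.
RAW_EMAIL = b"""From: Clandestine Enforced <admin@example.org>
To: victim@example.com
Subject: Account notice
Content-Type: text/html; charset=utf-8

<html><body>
<p>Review your account: <a href="http://203.0.113.5/login.php">https://www.example.org/account</a></p>
<p>Help centre: <a href="https://www.example.org/help">https://www.example.org/help</a></p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(raw_message):
    """Return links whose displayed URL points elsewhere than the href, or whose href is a bare IP."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    collector = LinkCollector()
    collector.feed(body.get_content())
    flagged = []
    for href, text in collector.links:
        href_host = urlparse(href).hostname or ""
        # Only compare hosts when the anchor text itself looks like a URL.
        text_host = urlparse(text).hostname if "://" in text else None
        if text_host and text_host != href_host:
            flagged.append({"text": text, "href": href,
                            "reason": "displayed URL host differs from real target"})
        elif href_host.replace(".", "").isdigit():
            flagged.append({"text": text, "href": href, "reason": "target is a bare IP address"})
    return flagged


if __name__ == "__main__":
    for hit in suspicious_links(RAW_EMAIL):
        print(hit)
```

The first link is flagged because the text claims example.org while the href goes to an IP; the second is left alone because text and target agree. A link whose text is just "Click here" passes both checks, so this is a triage aid, not a verdict.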

02_InformationGathering


Q 1: What is the animal that is the theme of Clandestine Enforced (lowercase)?
A 1: cat

Q 2: Who is the main creator of Clandestine Enforced (First Last)?
A 2: Madden Forced

Q 3: Whose Facebook page is linked to the website (Page Name)?
A 3: madden.force.3

Q 4: What is the birthday of the maker of Clandestine Enforced? (enter as 01 Jan 2001)
A 4: 10 Feb 1988

The phishing emails take us to a phishing document, which links to a Facebook page and to the creator's personal Facebook profile.

03_OSINT

Q 1: What school did Madden Forced attend?
A 1: Texas A&M University

Q 2: What is Madden Forced's country of origin?
A 2: Afghanistan

Q 3: What is the name of the pcap that Madden Forced owns? (all lowercase .pcap)
A 3: basicTraining.pcapng

The image of Afghanistan and the pcap were both found on Madden's page. I used Google's reverse image search to identify the location shown in the picture.


04_PcapAnalysis


Q 1: What IP address had the file on it?
A 1: 10.0.2.7

Q 2: What IP address was the file transferred to?
A 2: 10.0.2.10

Q 3: What is the protocol that was used to transfer the file?
A 3: FTP

Q 4: What is the name of the file in the pcap?
A 4: shadow.txt

Q 5: What is the md5 hash of the file?
A 5: 3005b13c97256fbef5b3b77224f4232b

We can get all of this information by following the FTP stream in the pcap file (in Wireshark: Analyze > Follow > TCP Stream). Note that FTP uses two connections: the control channel on port 21 carries USER, PASS and the RETR/STOR command with the file name, while the file bytes travel on a separate data connection, so the hash has to be taken over the reassembled data stream, not the control stream:
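The same extraction done without Wireshark, as an added example (not code from the original writeup): a minimal classic-pcap reader that reassembles each unidirectional TCP stream, pulls the RETR/STOR command and file name from the control channel, takes the file's source and destination from whichever side sends the data channel bytes, and MD5s the reassembled payload. The capture it runs on is constructed in-memory with the challenge's IP addresses and file name; the file contents, ports and FTP banners are placeholders, and the parser deliberately handles only classic pcap with Ethernet framing (a pcapng such as the challenge file must be converted first, e.g. with editcap -F pcap).

```python
"""Follow an FTP transfer in a classic pcap without Wireshark (added example)."""
import hashlib
import struct
from collections import OrderedDict

LINKTYPE_ETHERNET = 1


def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Ethernet/IPv4/TCP frame; checksums are left zero, which is fine for parsing."""
    eth = b"\x00" * 12 + b"\x08\x00"                       # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Classic little-endian pcap: 24-byte global header, then 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out


def tcp_segments(pcap):
    """Yield (src_ip, dst_ip, sport, dport, payload) for every IPv4/TCP segment in the file."""
    magic = pcap[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:  # 0x0A0D0D0A would be pcapng; convert it to classic pcap first
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type is handled")
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                        # not IPv4 over Ethernet, or not TCP
        ihl = (frame[14] & 0x0F) * 4
        total_len = struct.unpack("!H", frame[16:18])[0]
        src = ".".join(str(b) for b in frame[26:30])
        dst = ".".join(str(b) for b in frame[30:34])
        tcp = frame[14 + ihl:14 + total_len]
        sport, dport = struct.unpack("!HH", tcp[:4])
        yield src, dst, sport, dport, tcp[(tcp[12] >> 4) * 4:]


def follow_ftp(pcap):
    """Reassemble unidirectional streams, read the control channel, hash the data channel."""
    streams = OrderedDict()                                  # (src, dst, sport, dport) -> bytes
    for src, dst, sport, dport, payload in tcp_segments(pcap):
        if payload:
            streams.setdefault((src, dst, sport, dport), bytearray()).extend(payload)
    result = {"protocol": None, "command": None, "filename": None,
              "source_ip": None, "dest_ip": None, "md5": None}
    for (src, dst, sport, dport), data in streams.items():
        if dport == 21:                                      # client -> server control channel
            for line in data.decode("ascii", "replace").splitlines():
                cmd, _, arg = line.partition(" ")
                if cmd.upper() in ("RETR", "STOR"):
                    result.update(protocol="FTP", command=cmd.upper(), filename=arg.strip())
    for (src, dst, sport, dport), data in streams.items():
        if 21 not in (sport, dport):                         # the data connection carries the file
            result.update(source_ip=src, dest_ip=dst, md5=hashlib.md5(bytes(data)).hexdigest())
            break
    return result


# Constructed passive-mode session: challenge IPs and file name, placeholder contents.
CLIENT, SERVER = "10.0.2.10", "10.0.2.7"
FILE_PART1, FILE_PART2 = b"The quick brown fox ", b"jumps over the lazy dog"
SAMPLE_PCAP = build_pcap([
    build_frame(SERVER, CLIENT, 21, 50000, b"220 Welcome\r\n"),
    build_frame(CLIENT, SERVER, 50000, 21, b"USER madden\r\n"),
    build_frame(SERVER, CLIENT, 21, 50000, b"331 Please specify the password.\r\n"),
    build_frame(CLIENT, SERVER, 50000, 21, b"PASS notreal\r\n"),
    build_frame(SERVER, CLIENT, 21, 50000, b"230 Login successful.\r\n"),
    build_frame(CLIENT, SERVER, 50000, 21, b"PASV\r\n"),
    build_frame(SERVER, CLIENT, 21, 50000, b"227 Entering Passive Mode (10,0,2,7,156,65).\r\n"),
    build_frame(CLIENT, SERVER, 50000, 21, b"RETR shadow.txt\r\n"),
    build_frame(SERVER, CLIENT, 21, 50000, b"150 Opening BINARY mode data connection.\r\n"),
    build_frame(SERVER, CLIENT, 40001, 50001, FILE_PART1),   # data channel, port 156*256+65
    build_frame(SERVER, CLIENT, 40001, 50001, FILE_PART2),
    build_frame(SERVER, CLIENT, 21, 50000, b"226 Transfer complete.\r\n"),
])

if __name__ == "__main__":
    print(follow_ftp(SAMPLE_PCAP))
```

Because the file is split across two segments, hashing any single packet's payload would give the wrong answer; the MD5 is only right once the data stream is reassembled in order. For a RETR the data flows server to client, so the stream's source address is the host that had the file; for a STOR the same code reports the client as the source.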

05_CryptoAnalysis 

Q 1: What is the password for Madden?
A 1: robot

Q 2: What is the password for Clandestine?
A 2: track311track

Q 3: What is the password for madhacker?
A 3: Hacker

Finally, these hashes are simple to look up in an online MD5 database such as the SANS ISC reverse-hash tool (this only works for unsalted hashes; salted crypt-style hashes need an offline cracker):
https://isc.sans.edu/tools/reversehash.html
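The offline equivalent of that lookup, as an added example (not code from the original writeup): a dictionary attack over a small wordlist with the cheap mangling rules that recover passwords shaped like the three above (a plain word, a capitalised word, and word-digits-word). The shadow.txt stand-in is constructed by hashing the page's three answers as raw unsalted MD5, plus one crypt-style entry to show what an unsalted lookup cannot touch; the wordlist is a placeholder for a real list.

```python
"""Dictionary attack with simple mangling rules against unsalted MD5 (added example)."""
import hashlib


def md5hex(s):
    return hashlib.md5(s.encode()).hexdigest()


# Constructed stand-in for the recovered shadow.txt: the three challenge passwords hashed
# as raw MD5, plus one crypt(3)-style root entry that an unsalted lookup cannot crack.
SHADOW_TXT = [
    "Madden:" + md5hex("robot") + ":17000:0:99999:7:::",
    "Clandestine:" + md5hex("track311track") + ":17000:0:99999:7:::",
    "madhacker:" + md5hex("Hacker") + ":17000:0:99999:7:::",
    "root:$6$saltsalt$notcrackableherewithoutasaltawarecracker:17000:0:99999:7:::",
]

# Constructed wordlist (assumption: a tiny stand-in for a real list such as rockyou).
WORDLIST = ["password", "robot", "track", "hacker", "aggies", "cat"]


def candidates(word):
    """Cheap mangling rules: case variants, digit suffix, word-digits-word."""
    for base in (word.lower(), word.capitalize(), word.upper()):
        yield base
        for n in range(1000):
            digits = str(n)
            yield base + digits
            yield base + digits + base


def parse_unsalted(lines):
    """Map 32-hex MD5 -> [users]; skip crypt(3) hashes, which need a salt-aware cracker."""
    targets = {}
    for line in lines:
        user, _, rest = line.partition(":")
        h = rest.split(":")[0].strip().lower()
        if len(h) == 32 and all(c in "0123456789abcdef" for c in h):
            targets.setdefault(h, []).append(user)
    return targets


def crack(lines, wordlist):
    """Return {user: password} for every unsalted hash hit by a mangled wordlist entry."""
    targets = parse_unsalted(lines)
    found = {}
    for word in wordlist:
        for cand in candidates(word):
            users = targets.get(md5hex(cand))
            if users:
                for user in users:
                    found[user] = cand
    return found


if __name__ == "__main__":
    print(crack(SHADOW_TXT, WORDLIST))
```

An online reverse-hash database is just a very large precomputed version of this loop, which is why it works for unsalted MD5 and fails for the root entry: with a salt, the table would have to be rebuilt per hash, and that is what hashcat or John the Ripper do instead.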