WolvCTF Forensics Eternally Pwned: Infiltration Writeup - Aleyna Doğan


CTF link.

I recently had my passwords and other sensitive data leaked, but I have no idea how. Can you figure out how the attacker got into my PC?

We open the pcap file in Wireshark. Browsing the packets in it, the SMB packets stand out, so as a first step we select SMB as the display filter.

Looking inside the SMB packets, we see frames that contain base64-encoded data.

If we copy the TCP stream content and delete the redundant characters around it, we are left with the base64 string.

We get three base64 strings this way, decode each one separately, and then combine the results to get the flag.

wctf{l3tS_3teRn4lLy_g0_bLU3_7n9wm4iWnL}
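The carve, decode and combine steps above can be scripted instead of done by hand. The following is an added example, not part of the original writeup: the frame layout, the sample text and the names `carve_base64`, `rebuild` and `fake_frame` are assumptions constructed for illustration, and the sketch assumes the redundant bytes around each chunk fall outside the base64 alphabet or decode to non-text.

```python
import base64
import binascii
import re

# A run of base64-alphabet bytes (16+ long) with optional '=' padding.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")


def carve_base64(stream: bytes) -> list[bytes]:
    """Decode every base64 run in a raw stream that yields printable ASCII."""
    found = []
    for match in B64_RUN.finditer(stream):
        run = match.group()
        if len(run) % 4:  # not a whole number of 4-character groups
            continue
        try:
            raw = base64.b64decode(run, validate=True)
        except binascii.Error:
            continue
        # Filler such as "AAAA..." decodes to NUL bytes; keep text only.
        if raw and all(0x20 <= b < 0x7F for b in raw):
            found.append(raw)
    return found


def rebuild(streams: list[bytes]) -> str:
    """Decode each stream's chunks separately, then join them in order."""
    parts = [chunk for s in streams for chunk in carve_base64(s)]
    return b"".join(parts).decode("ascii")


def fake_frame(payload: bytes) -> bytes:
    """Constructed stand-in for one SMB frame: header bytes, payload, padding."""
    return b"\xffSMB\x25" + b"\x00" * 8 + payload + b"\x00" * 12


# Constructed sample, not data from the challenge capture.
SAMPLE_TEXT = b"flag{constructed_sample_not_the_real_one}"
PIECES = [SAMPLE_TEXT[:14], SAMPLE_TEXT[14:28], SAMPLE_TEXT[28:]]
STREAMS = [fake_frame(base64.b64encode(p)) for p in PIECES]
STREAMS.insert(1, fake_frame(b"A" * 20))  # decoy filler run, must be ignored

if __name__ == "__main__":
    for s in STREAMS:
        print(carve_base64(s))
    print(rebuild(STREAMS))
```

To use it on a real capture, save each followed TCP stream as raw bytes and pass the list of byte strings to `rebuild` in capture order.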
