Comments on When {Puffy} Meets ^RedDevil^: HeX 021: Resolving Ihack 2008 password.pcap (blog by C.S. Lee)

8 comments, oldest first.

Anonymous, 2008-08-20 02:02 (+08:00):

dude..

Why lah make your life so difficult maaa..

I don't agree with you using this kinda HeX or whatever for this simple "task"..

"They" should have known these basic weapons when running *nix.

No need for all the decimal calculations.. tsk.tsk.tsk, it won't help much in this case.

Just running basic *nix commands would do..

"strings" rulz.. adehhhh...

Anonymous, 2008-08-20 02:27 (+08:00):

strings and nsm-console r0x

C.S. Lee, 2008-08-20 03:43 (+08:00):

hi findmeifucan,

I know the strings command works for this, but looking at the challenge, it is meant to examine the network traffic and figure out the passphrase.

The strings command works for this challenge, but may not for others, as a network traffic based challenge is not going to be solved that easily and straightforwardly.

I would rather tell people the right thing to learn instead of going by shortcuts.

<~!@#>, 2008-08-20 12:07 (+08:00):

@findmeifucan:

dude, from man strings:

    print the strings of printable characters in files.

It's not the correct way to analyze a pcap file, but bro Ayoi is kind enough to store the password in plain text form (meaning it's not salted or encrypted in any way). But yeah, there are still people who don't have any idea how to analyze it.

@geek00l:

Thanks for the wonderful guide. One more thing bro, I would like to ask: how do we actually determine an OS fingerprint from a pcap file?

C.S. Lee, 2008-08-20 15:31 (+08:00):

hi y0nd13,

How do we actually fingerprint the OS from network traffic (pcap)? You can ask yourself: if you want to fingerprint the application, where are you going to look?

Application fingerprinting - application layer.

For example, if you want to identify whether it runs Apache or IIS, you should look at the application layer. And if you want to identify which OS, look at the network stack that is generated by the OS; therefore you should look at layer 3 (IP header) and layer 4 (TCP/UDP header).

Take the simple example: the default TTL of Windows is 128 but the default TTL of Linux is 64. If the packets are not routed, you can pretty much confirm which OS it is. However, bear in mind that some people will just modify the network stack of the OS to fool tools like p0f; that's also how low interaction honeypots work (look at honeyd).

However, in the packet challenge you can see it is quite obvious which OS generates the traffic. Of course you can run p0f to make your job simpler and confirm it with your own interpretation later.

Cheers!

Anonymous (-9-), 2008-08-20 16:49 (+08:00):

hi cslee,

Hahaha, my arguments were meant for this kinda challenge, so called "ihack"..

it's a very simple task and while the clock is ticking, I don't think "the boys" would have to run all the "1337" commands just to find a plain txt passwd file, and even if you look through all the q's, I guess simple commands like strings and grep would do the job.

time is money maaa..

if I were to participate in this kinda event, I don't think I'd ever use such steps as you've shown..

when I was at the recent Blackhat, everyone was "weaponed" with simple *nix commands to do all the tasks given.

it would be nice if I could have a tougher challenge.. perghhhh

-9-

Anonymous, 2008-09-01 16:59 (+08:00):

geek00l... thanks for the nice tutorial.. but I got this error while using tshark:

    C:\Program Files\Wireshark>tshark -Tfields -e 'tcp.seq' -nr password.pcap -o tcp.relative_sequence_numbers:FALSE -R 'ip.src == 10.10.3.126'

    tshark: Read filters were specified both with "-R" and with additional command-line arguments

MASOKIS (http://www.masokis.com), 2010-07-29 23:09 (+08:00):

wow.. I googled ihack for more than 3 weeks.. hoping Google would index the real stuff about ihack..

but this blog is not indexed... from the first page to the last page of Google search results for the keyword "ihack uitm"..

I found the post when searching about security in Malaysia at security.org.my.. then some backlink to this page and the HeX live CD.. wow :D
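C.S. Lee's reply on OS fingerprinting relies on the default IP TTL (128 for Windows, 64 for Linux) seen in the layer 3 header. As an added example, not part of the original post or the HeX project, the Python below parses a libpcap file directly, pulls the TTL per source IP and rounds it up to the nearest common initial value, so routed traffic (TTL decremented once per hop) is still classified and the hop count is reported; the pcap bytes, host addresses and OS hint table are all constructed for this example, and as the comment notes, a stack whose TTL has been tuned will defeat this heuristic just as it defeats p0f.

```python
import struct

INITIAL_TTLS = (32, 64, 128, 255)  # common initial TTLs set by OS network stacks
OS_HINT = {32: "old Windows 9x-like", 64: "Linux/BSD/macOS-like", 128: "Windows-like", 255: "Cisco/Solaris-like"}

def build_pcap(frames):
    """Constructed libpcap file (link type 1, Ethernet) with one IPv4/TCP SYN per (src_ip, ttl)."""
    data = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header
    for i, (src, ttl) in enumerate(frames):
        eth = b"\x00" * 12 + b"\x08\x00"  # zeroed MACs, EtherType 0x0800 = IPv4
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, i, 0x4000, ttl, 6, 0,
                         bytes(int(o) for o in src.split(".")), bytes([10, 10, 3, 1]))
        tcp = struct.pack("!HHIIBBHHH", 40000 + i, 80, 1, 0, 0x50, 0x02, 8192, 0, 0)
        pkt = eth + ip + tcp
        data += struct.pack("<IIII", i, 0, len(pkt), len(pkt)) + pkt  # record header + frame
    return data

def parse_ttls(data):
    """Return [(src_ip, ttl)] for every IPv4-over-Ethernet frame in a little-endian pcap."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap handled here")
    out, off = [], 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<I", data, off + 8)[0]
        pkt = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue  # skip non-IPv4 frames
        ttl = pkt[14 + 8]  # IPv4 header byte 8 is the TTL
        out.append((".".join(str(b) for b in pkt[26:30]), ttl))
    return out

def guess_initial_ttl(ttl):
    """Round an observed TTL up to the nearest common initial value; hops = how far it decremented."""
    for init in INITIAL_TTLS:
        if ttl <= init:
            return init, init - ttl
    return None, None

def fingerprint(data):
    """Map each source IP to (inferred initial TTL, estimated hops, OS family hint)."""
    result = {}
    for src, ttl in parse_ttls(data):
        init, hops = guess_initial_ttl(ttl)
        result[src] = (init, hops, OS_HINT.get(init, "unknown"))
    return result

# Constructed capture: a Windows-like host on the local segment and a Linux-like host three hops away.
SAMPLE = build_pcap([("10.10.3.126", 128), ("10.10.3.50", 61)])
```

Running `fingerprint(SAMPLE)` classifies 10.10.3.126 as a Windows-like stack at 0 hops and 10.10.3.50 as a Linux-like stack 3 hops away; on a real capture, confirm the guess against TCP window size and options before trusting it.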