Comment on page
[Day 9] Where Is All This Data Going
{Network Forensics}
We are able to open the given pcap file with Wireshare to inspect it further.

http.request.method == GET

In the HTTP #1 - GET requests section, which directory is found on the web server?
- login
http.request.method == POST


What is the username and password used in the login page in the HTTP #2 - POST section?
McSkidy:Christmas2021

What is the User-Agent's name that has been sent in HTTP #2 - POST section?
- TryHackMe-UserAgent-THM{d8ab1be969825f2c5c937aec23d55bc9}
udp.port == 53


What is the flag in the message of that DNS query?
- THM{dd63a80bf9fdd21aabbf70af7438c257}
tcp.port==21

In the FTP section, what is the FTP login password
- TryH@ckM3!

In the FTP section, what is the FTP command used to upload the secret.txt file?
- STOR
ftp-data


In the FTP section, what is the content of the secret.txt file?
- 123^-^321