Search
K
Links
Comment on page

[Day 9] Where Is All This Data Going

{Network Forensics}

Challenge

We are able to open the given pcap file with Wireshare to inspect it further.
http.request.method == GET
In the HTTP #1 - GET requests section, which directory is found on the web server?
  • login
http.request.method == POST
What is the username and password used in the login page in the HTTP #2 - POST section?
McSkidy:Christmas2021
What is the User-Agent's name that has been sent in HTTP #2 - POST section?
  • TryHackMe-UserAgent-THM{d8ab1be969825f2c5c937aec23d55bc9}
udp.port == 53
What is the flag in the message of that DNS query?
  • THM{dd63a80bf9fdd21aabbf70af7438c257}
tcp.port==21
In the FTP section, what is the FTP login password
  • TryH@ckM3!
In the FTP section, what is the FTP command used to upload the secret.txt file?
  • STOR
ftp-data
In the FTP section, what is the content of the secret.txt file?
  • 123^-^321