LogoLogo
  • 🤩Welcome!
  • Buffer overflow
    • Remote Buffer Overflow
      • Crashing the Application
      • Controlling the EIP
      • Finding Bad Characters
      • Finding a Return Address
      • Generating Shellcode
      • Getting a Shell
  • Wireless Penetration Testing
    • Wifi Pineapple - Tetra
      • Setup
      • Firmware Upgrade
      • Capturing Wireless Handshake
      • Cracking WPA2 Handshake
      • PineAP
      • Modules
  • PortSwigger Labs
    • Authentication
      • Username enumeration via different responses
      • Username enumeration via subtly different responses
      • Username enumeration via response timing
  • TryHackMe
    • 🎄Advent of Cyber 3 (2021)
      • [Day 1] Save The Gifts
      • [Day 2] Elf HR Problems
      • [Day 3] Christmas Blackout
      • [Day 4] Santa's Running Behind
      • [Day 5] Pesky Elf Forum
      • [Day 6] Patch Management Is Hard
      • [Day 7] Migration Without Security
      • [Day 8] Santa's Bag of Toys
      • [Day 9] Where Is All This Data Going
  • Google Cloud Computing
    • ☁️Cloud Computing Fundamentals
      • Getting Started with Cloud Shell and gcloud
      • Creating a Virtual Machine
      • App Engine: Qwik Start - Python
      • Cloud Functions: Qwik Start - Command Line
      • Kubernetes Engine: Qwik Start
      • Set Up Network and HTTP Load Balancers
Powered by GitBook
On this page

Was this helpful?

  1. TryHackMe
  2. Advent of Cyber 3 (2021)

[Day 9] Where Is All This Data Going

{Network Forensics}

Previous[Day 8] Santa's Bag of ToysNextCloud Computing Fundamentals

Last updated 3 years ago

Was this helpful?

Challenge

We are able to open the given pcap file with Wireshare to inspect it further.

http.request.method == GET

In the HTTP #1 - GET requests section, which directory is found on the web server?

  • login

http.request.method == POST

What is the username and password used in the login page in the HTTP #2 - POST section?

McSkidy:Christmas2021

What is the User-Agent's name that has been sent in HTTP #2 - POST section?

  • TryHackMe-UserAgent-THM{d8ab1be969825f2c5c937aec23d55bc9}

udp.port == 53

What is the flag in the message of that DNS query?

  • THM{dd63a80bf9fdd21aabbf70af7438c257}

tcp.port==21

In the FTP section, what is the FTP login password

  • TryH@ckM3!

In the FTP section, what is the FTP command used to upload the secret.txt file?

  • STOR

ftp-data

In the FTP section, what is the content of the secret.txt file?

  • 123^-^321

🎄