[Day 9] Where Is All This Data Going

{Network Forensics}


We are able to open the given pcap file with Wireshare to inspect it further.

http.request.method == GET

In the HTTP #1 - GET requests section, which directory is found on the web server?

  • login

http.request.method == POST

What is the username and password used in the login page in the HTTP #2 - POST section?


What is the User-Agent's name that has been sent in HTTP #2 - POST section?

  • TryHackMe-UserAgent-THM{d8ab1be969825f2c5c937aec23d55bc9}

udp.port == 53

What is the flag in the message of that DNS query?

  • THM{dd63a80bf9fdd21aabbf70af7438c257}


In the FTP section, what is the FTP login password

  • TryH@ckM3!

In the FTP section, what is the FTP command used to upload the secret.txt file?

  • STOR


In the FTP section, what is the content of the secret.txt file?

  • 123^-^321

Last updated