| .. | ||
| ressources | ||
| flag | ||
| README.md | ||
Level02
The connection to the level02 account is done with as password the flag of level 01.
During the connection I go into the home of level02 and I notice a file:
ls -l
total 12
----r--r-- 1 flag02 level02 8302 Aug 30 2015 level02.pcap
The extension is PCAP (that is the anagram of Packet Capture Data).
I therefore decide to look with Wireshark what happens in this capture.
All my searches are configured like this (packet byte / String) I start by searching flag but no packet.
When I search password there I find frame 43.
I therefore decide to follow it and fall on the following frame:
..%
..%
..&..... ..#..'..$
..&..... ..#..'..$
.. .....#.....'.........
.. .38400,38400....#.SodaCan:0....'..DISPLAY.SodaCan:0......xterm..
........"........!
........"..".....b........b.... B.
..............................1.......!
.."....
.."....
..!..........."
........"
.."............. ..
.....................
Linux 2.6.38-8-generic-pae (::ffff:10.1.1.2) (pts/10)
..wwwbugs login:
l
.l
e
.e
v
.v
e
.e
l
.l
X
.X
..
Password:
ft_wandr...NDRel.L0L
.
..
Login incorrect
wwwbugs login:
More particularly it is the version with the hexadecimal which is going to interest us:
000000D6 00 0d 0a 50 61 73 73 77 6f 72 64 3a 20 ...Passw ord:
000000B9 66 f
000000BA 74 t
000000BB 5f _
000000BC 77 w
000000BD 61 a
000000BE 6e n
000000BF 64 d
000000C0 72 r
000000C1 7f .
000000C2 7f .
000000C3 7f .
000000C4 4e N
000000C5 44 D
000000C6 52 R
000000C7 65 e
000000C8 6c l
000000C9 7f .
000000CA 4c L
000000CB 30 0
000000CC 4c L
000000CD 0d .
000000E3 00 0d 0a ...
000000E6 01 .
000000E7 00 0d 0a 4c 6f 67 69 6e 20 69 6e 63 6f 72 72 65 ...Login incorre
000000F7 63 74 0d 0a 77 77 77 62 75 67 73 20 6c 6f 67 69 ct..wwwb ugs logi
00000107 6e 3a 20 n:
With the ascii table we can see that the dots are in hexa 7f that is 127 that is DEL (the rest of the letters correspond).
I therefore try to connect with the following password: ft_waNDReL0L