300 lines
22 KiB
Markdown
300 lines
22 KiB
Markdown
# Level 02
|
||
|
||
## how to login
|
||
|
||
username: level02
|
||
|
||
password: f2av5il02puano7naaf6adaaf
|
||
|
||
## Goal
|
||
|
||
run `getflag` as user `flag02`
|
||
|
||
## Actually doing something
|
||
|
||
as always:
|
||
|
||
```bash
|
||
level02@SnowCrash:~$ ll
|
||
total 24
|
||
dr-x------ 1 level02 level02 120 Mar 5 2016 ./
|
||
d--x--x--x 1 root users 340 Aug 30 2015 ../
|
||
-r-x------ 1 level02 level02 220 Apr 3 2012 .bash_logout*
|
||
-r-x------ 1 level02 level02 3518 Aug 30 2015 .bashrc*
|
||
----r--r-- 1 flag02 level02 8302 Aug 30 2015 level02.pcap
|
||
-r-x------ 1 level02 level02 675 Apr 3 2012 .profile*
|
||
```
|
||
|
||
we have a new one !
|
||
|
||
lets try to find what this .pcap file is actually
|
||
|
||
```bash
|
||
level02@SnowCrash:~$ file level02.pcap
|
||
level02.pcap: tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 16777216)
|
||
```
|
||
|
||
seems like a job for wireshark !
|
||
#### What is wireshark ?
|
||
|
||
Wireshark is a program that allows the user to look at network (and a lot of other stuff) packets, with alot of information
|
||
It can try to parse packets, show you information and is overhall VERY USERFULL to understand what is happening
|
||
|
||
#### Using Wireshark
|
||
|
||
We can load the capture file into wireshark, and then we get presented with a list of packets.
|
||
|
||
```bash
|
||
❯ nix run nixpkgs\#wireshark-cli -- -r ./level02.pcap
|
||
1 0.000000 59.233.235.218 → 59.233.235.223 TCP 74 39247 → 12121 [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM TSval=18592800 TSecr=0 WS=128
|
||
2 0.000128 59.233.235.223 → 59.233.235.218 TCP 74 12121 → 39247 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM TSval=46280417 TSecr=18592800 WS=32
|
||
3 0.000390 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=1 Ack=1 Win=14720 Len=0 TSval=18592800 TSecr=46280417
|
||
4 0.036008 59.233.235.223 → 59.233.235.218 TCP 69 12121 → 39247 [PSH, ACK] Seq=1 Ack=1 Win=14496 Len=3 TSval=46280426 TSecr=18592800
|
||
5 0.036255 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=1 Ack=4 Win=14720 Len=0 TSval=18592804 TSecr=46280426
|
||
6 0.036276 59.233.235.218 → 59.233.235.223 TCP 69 39247 → 12121 [PSH, ACK] Seq=1 Ack=4 Win=14720 Len=3 TSval=18592804 TSecr=46280426
|
||
7 0.036396 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=4 Ack=4 Win=14496 Len=0 TSval=46280426 TSecr=18592804
|
||
8 0.036581 59.233.235.223 → 59.233.235.218 TCP 84 12121 → 39247 [PSH, ACK] Seq=4 Ack=4 Win=14496 Len=18 TSval=46280426 TSecr=18592804
|
||
9 0.036698 59.233.235.218 → 59.233.235.223 TCP 84 39247 → 12121 [PSH, ACK] Seq=4 Ack=22 Win=14720 Len=18 TSval=18592804 TSecr=46280426
|
||
10 0.036859 59.233.235.223 → 59.233.235.218 TCP 90 12121 → 39247 [PSH, ACK] Seq=22 Ack=22 Win=14496 Len=24 TSval=46280426 TSecr=18592804
|
||
11 0.037039 59.233.235.218 → 59.233.235.223 TCP 133 39247 → 12121 [PSH, ACK] Seq=22 Ack=46 Win=14720 Len=67 TSval=18592804 TSecr=46280426
|
||
12 0.039170 59.233.235.223 → 59.233.235.218 TCP 84 12121 → 39247 [PSH, ACK] Seq=46 Ack=89 Win=14496 Len=18 TSval=46280427 TSecr=18592804
|
||
13 0.039392 59.233.235.218 → 59.233.235.223 TCP 140 39247 → 12121 [PSH, ACK] Seq=89 Ack=64 Win=14720 Len=74 TSval=18592804 TSecr=46280427
|
||
14 0.039704 59.233.235.223 → 59.233.235.218 TCP 73 12121 → 39247 [PSH, ACK] Seq=64 Ack=163 Win=14496 Len=7 TSval=46280427 TSecr=18592804
|
||
15 0.039842 59.233.235.218 → 59.233.235.223 TCP 73 39247 → 12121 [PSH, ACK] Seq=163 Ack=71 Win=14720 Len=7 TSval=18592804 TSecr=46280427
|
||
16 0.040138 59.233.235.223 → 59.233.235.218 TCP 81 12121 → 39247 [PSH, ACK] Seq=71 Ack=170 Win=14496 Len=15 TSval=46280427 TSecr=18592804
|
||
17 0.040277 59.233.235.218 → 59.233.235.223 TCP 75 39247 → 12121 [PSH, ACK] Seq=170 Ack=86 Win=14720 Len=9 TSval=18592804 TSecr=46280427
|
||
18 0.040450 59.233.235.223 → 59.233.235.218 TCP 107 12121 → 39247 [PSH, ACK] Seq=86 Ack=179 Win=14496 Len=41 TSval=46280427 TSecr=18592804
|
||
19 0.071743 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=179 Ack=127 Win=14720 Len=0 TSval=18592808 TSecr=46280427
|
||
20 0.071825 59.233.235.223 → 59.233.235.218 TCP 141 12121 → 39247 [PSH, ACK] Seq=127 Ack=179 Win=14496 Len=75 TSval=46280435 TSecr=18592808
|
||
21 0.071976 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=179 Ack=202 Win=14720 Len=0 TSval=18592808 TSecr=46280435
|
||
22 12.223886 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=179 Ack=202 Win=14720 Len=1 TSval=18594023 TSecr=46280435
|
||
23 12.229432 59.233.235.223 → 59.233.235.218 TCP 68 12121 → 39247 [PSH, ACK] Seq=202 Ack=180 Win=14496 Len=2 TSval=46283475 TSecr=18594023
|
||
24 12.229592 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=180 Ack=204 Win=14720 Len=0 TSval=18594023 TSecr=46283475
|
||
25 12.323890 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=180 Ack=204 Win=14720 Len=1 TSval=18594033 TSecr=46283475
|
||
26 12.329436 59.233.235.223 → 59.233.235.218 TCP 68 12121 → 39247 [PSH, ACK] Seq=204 Ack=181 Win=14496 Len=2 TSval=46283500 TSecr=18594033
|
||
27 12.329654 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=181 Ack=206 Win=14720 Len=0 TSval=18594033 TSecr=46283500
|
||
28 12.553547 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=181 Ack=206 Win=14720 Len=1 TSval=18594056 TSecr=46283500
|
||
29 12.561397 59.233.235.223 → 59.233.235.218 TCP 68 12121 → 39247 [PSH, ACK] Seq=206 Ack=182 Win=14496 Len=2 TSval=46283558 TSecr=18594056
|
||
30 12.561533 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=182 Ack=208 Win=14720 Len=0 TSval=18594056 TSecr=46283558
|
||
31 12.644167 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=182 Ack=208 Win=14720 Len=1 TSval=18594065 TSecr=46283558
|
||
32 12.649394 59.233.235.223 → 59.233.235.218 TCP 68 12121 → 39247 [PSH, ACK] Seq=208 Ack=183 Win=14496 Len=2 TSval=46283580 TSecr=18594065
|
||
33 12.649527 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=183 Ack=210 Win=14720 Len=0 TSval=18594065 TSecr=46283580
|
||
34 12.714079 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=183 Ack=210 Win=14720 Len=1 TSval=18594072 TSecr=46283580
|
||
35 12.721391 59.233.235.223 → 59.233.235.218 TCP 68 12121 → 39247 [PSH, ACK] Seq=210 Ack=184 Win=14496 Len=2 TSval=46283598 TSecr=18594072
|
||
36 12.721530 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=184 Ack=212 Win=14720 Len=0 TSval=18594072 TSecr=46283598
|
||
37 13.043928 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=184 Ack=212 Win=14720 Len=1 TSval=18594105 TSecr=46283598
|
||
38 13.049520 59.233.235.223 → 59.233.235.218 TCP 68 12121 → 39247 [PSH, ACK] Seq=212 Ack=185 Win=14496 Len=2 TSval=46283680 TSecr=18594105
|
||
39 13.049762 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=185 Ack=214 Win=14720 Len=0 TSval=18594105 TSecr=46283680
|
||
40 13.823856 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=185 Ack=214 Win=14720 Len=1 TSval=18594183 TSecr=46283680
|
||
41 13.827303 59.233.235.223 → 59.233.235.218 TCP 67 12121 → 39247 [PSH, ACK] Seq=214 Ack=186 Win=14496 Len=1 TSval=46283874 TSecr=18594183
|
||
42 13.827557 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=186 Ack=215 Win=14720 Len=0 TSval=18594183 TSecr=46283874
|
||
43 13.827653 59.233.235.223 → 59.233.235.218 TCP 79 12121 → 39247 [PSH, ACK] Seq=215 Ack=186 Win=14496 Len=13 TSval=46283874 TSecr=18594183
|
||
44 13.827763 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=186 Ack=228 Win=14720 Len=0 TSval=18594183 TSecr=46283874
|
||
45 22.095852 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=186 Ack=228 Win=14720 Len=1 TSval=18595010 TSecr=46283874
|
||
46 22.133398 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=187 Win=14496 Len=0 TSval=46285951 TSecr=18595010
|
||
47 22.985487 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=187 Ack=228 Win=14720 Len=1 TSval=18595099 TSecr=46285951
|
||
48 22.985568 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=188 Win=14496 Len=0 TSval=46286164 TSecr=18595099
|
||
49 23.605835 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=188 Ack=228 Win=14720 Len=1 TSval=18595161 TSecr=46286164
|
||
50 23.605906 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=189 Win=14496 Len=0 TSval=46286319 TSecr=18595161
|
||
51 24.076245 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=189 Ack=228 Win=14720 Len=1 TSval=18595208 TSecr=46286319
|
||
52 24.076322 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=190 Win=14496 Len=0 TSval=46286436 TSecr=18595208
|
||
53 24.306019 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=190 Ack=228 Win=14720 Len=1 TSval=18595231 TSecr=46286436
|
||
54 24.306080 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=191 Win=14496 Len=0 TSval=46286494 TSecr=18595231
|
||
55 24.535764 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=191 Ack=228 Win=14720 Len=1 TSval=18595254 TSecr=46286494
|
||
56 24.535825 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=192 Win=14496 Len=0 TSval=46286551 TSecr=18595254
|
||
57 24.675695 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=192 Ack=228 Win=14720 Len=1 TSval=18595268 TSecr=46286551
|
||
58 24.675752 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=193 Win=14496 Len=0 TSval=46286586 TSecr=18595268
|
||
59 25.016142 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=193 Ack=228 Win=14720 Len=1 TSval=18595302 TSecr=46286586
|
||
60 25.016217 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=194 Win=14496 Len=0 TSval=46286671 TSecr=18595302
|
||
61 26.596535 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=194 Ack=228 Win=14720 Len=1 TSval=18595460 TSecr=46286671
|
||
62 26.596615 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=195 Win=14496 Len=0 TSval=46287066 TSecr=18595460
|
||
63 26.966369 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=195 Ack=228 Win=14720 Len=1 TSval=18595497 TSecr=46287066
|
||
64 26.966450 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=196 Win=14496 Len=0 TSval=46287159 TSecr=18595497
|
||
65 27.336798 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=196 Ack=228 Win=14720 Len=1 TSval=18595534 TSecr=46287159
|
||
66 27.336848 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=197 Win=14496 Len=0 TSval=46287251 TSecr=18595534
|
||
67 28.106976 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=197 Ack=228 Win=14720 Len=1 TSval=18595611 TSecr=46287251
|
||
68 28.107054 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=198 Win=14496 Len=0 TSval=46287444 TSecr=18595611
|
||
69 28.306873 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=198 Ack=228 Win=14720 Len=1 TSval=18595631 TSecr=46287444
|
||
70 28.306942 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=199 Win=14496 Len=0 TSval=46287494 TSecr=18595631
|
||
71 29.996885 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=199 Ack=228 Win=14720 Len=1 TSval=18595800 TSecr=46287494
|
||
72 29.996963 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=200 Win=14496 Len=0 TSval=46287916 TSecr=18595800
|
||
73 31.307388 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=200 Ack=228 Win=14720 Len=1 TSval=18595931 TSecr=46287916
|
||
74 31.307470 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=201 Win=14496 Len=0 TSval=46288244 TSecr=18595931
|
||
75 31.747118 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=201 Ack=228 Win=14720 Len=1 TSval=18595975 TSecr=46288244
|
||
76 31.747176 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=202 Win=14496 Len=0 TSval=46288354 TSecr=18595975
|
||
77 32.367715 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=202 Ack=228 Win=14720 Len=1 TSval=18596037 TSecr=46288354
|
||
78 32.367798 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=203 Win=14496 Len=0 TSval=46288509 TSecr=18596037
|
||
79 32.537454 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=203 Ack=228 Win=14720 Len=1 TSval=18596054 TSecr=46288509
|
||
80 32.537506 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=204 Win=14496 Len=0 TSval=46288552 TSecr=18596054
|
||
81 32.807373 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=204 Ack=228 Win=14720 Len=1 TSval=18596081 TSecr=46288552
|
||
82 32.807426 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=205 Win=14496 Len=0 TSval=46288619 TSecr=18596081
|
||
83 32.837328 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=205 Ack=228 Win=14720 Len=1 TSval=18596084 TSecr=46288619
|
||
84 32.837382 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=206 Win=14496 Len=0 TSval=46288626 TSecr=18596084
|
||
85 33.697667 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=206 Ack=228 Win=14720 Len=1 TSval=18596170 TSecr=46288626
|
||
86 33.697744 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=207 Win=14496 Len=0 TSval=46288842 TSecr=18596170
|
||
87 33.705420 59.233.235.223 → 59.233.235.218 TCP 69 12121 → 39247 [PSH, ACK] Seq=228 Ack=207 Win=14496 Len=3 TSval=46288844 TSecr=18596170
|
||
88 33.705616 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=207 Ack=231 Win=14720 Len=0 TSval=18596170 TSecr=46288844
|
||
89 36.462504 59.233.235.223 → 59.233.235.218 TCP 67 12121 → 39247 [PSH, ACK] Seq=231 Ack=207 Win=14496 Len=1 TSval=46289533 TSecr=18596170
|
||
90 36.462761 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=207 Ack=232 Win=14720 Len=0 TSval=18596446 TSecr=46289533
|
||
91 36.462858 59.233.235.223 → 59.233.235.218 TCP 101 12121 → 39247 [PSH, ACK] Seq=232 Ack=207 Win=14496 Len=35 TSval=46289533 TSecr=18596446
|
||
92 36.463013 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=207 Ack=267 Win=14720 Len=0 TSval=18596446 TSecr=46289533
|
||
93 42.109464 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [FIN, ACK] Seq=207 Ack=267 Win=14720 Len=0 TSval=18597011 TSecr=46289533
|
||
94 42.110028 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [FIN, ACK] Seq=267 Ack=208 Win=14496 Len=0 TSval=46290945 TSecr=18597011
|
||
95 42.110236 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=208 Ack=268 Win=14720 Len=0 TSval=18597011 TSecr=46290945
|
||
```
|
||
|
||
So yeah... Tcp is not a nice protocol to look at if you don't know anything
|
||
|
||
Looking at packets by hand in the gui, I can see some ASCII text
|
||
```plain
|
||
$'E@@A;;/YOtK
|
||
.(
|
||
Linux 2.6.38-8-generic-pae (::ffff:10.1.1.2) (pts/10)
|
||
|
||
wwwbugs login:
|
||
```
|
||
|
||
Wireshark as a way to see the "total" TCP converstation
|
||
We *could* do it by hand, copying every "data" section and pasting it into a single file, but why do it when wireshare does it better
|
||
|
||
If we do that, we get an nicely formatted stuff
|
||
|
||
```hexdump
|
||
00000000 ff fd 25 ..%
|
||
00000000 ff fc 25 ..%
|
||
00000003 ff fb 26 ff fd 18 ff fd 20 ff fd 23 ff fd 27 ff ..&..... ..#..'.
|
||
00000013 fd 24 .$
|
||
00000003 ff fe 26 ff fb 18 ff fb 20 ff fb 23 ff fb 27 ff ..&..... ..#..'.
|
||
00000013 fc 24 .$
|
||
00000015 ff fa 20 01 ff f0 ff fa 23 01 ff f0 ff fa 27 01 .. ..... #.....'.
|
||
00000025 ff f0 ff fa 18 01 ff f0 ........
|
||
00000015 ff fa 20 00 33 38 34 30 30 2c 33 38 34 30 30 ff .. .3840 0,38400.
|
||
00000025 f0 ff fa 23 00 53 6f 64 61 43 61 6e 3a 30 ff f0 ...#.Sod aCan:0..
|
||
00000035 ff fa 27 00 00 44 49 53 50 4c 41 59 01 53 6f 64 ..'..DIS PLAY.Sod
|
||
00000045 61 43 61 6e 3a 30 ff f0 ff fa 18 00 78 74 65 72 aCan:0.. ....xter
|
||
00000055 6d ff f0 m..
|
||
0000002D ff fb 03 ff fd 01 ff fd 22 ff fd 1f ff fb 05 ff ........ ".......
|
||
0000003D fd 21 .!
|
||
00000058 ff fd 03 ff fc 01 ff fb 22 ff fa 22 03 01 00 00 ........ ".."....
|
||
00000068 03 62 03 04 02 0f 05 00 00 07 62 1c 08 02 04 09 .b...... ..b.....
|
||
00000078 42 1a 0a 02 7f 0b 02 15 0f 02 11 10 02 13 11 02 B....... ........
|
||
00000088 ff ff 12 02 ff ff ff f0 ff fb 1f ff fa 1f 00 b1 ........ ........
|
||
00000098 00 31 ff f0 ff fd 05 ff fb 21 .1...... .!
|
||
0000003F ff fa 22 01 03 ff f0 .."....
|
||
000000A2 ff fa 22 01 07 ff f0 .."....
|
||
00000046 ff fa 21 03 ff f0 ff fb 01 ff fd 00 ff fe 22 ..!..... ......"
|
||
000000A9 ff fd 01 ff fb 00 ff fc 22 ........ "
|
||
00000055 ff fa 22 03 03 e2 03 04 82 0f 07 e2 1c 08 82 04 .."..... ........
|
||
00000065 09 c2 1a 0a 82 7f 0b 82 15 0f 82 11 10 82 13 11 ........ ........
|
||
00000075 82 ff ff 12 82 ff ff ff f0 ........ .
|
||
0000007E 0d 0a 4c 69 6e 75 78 20 32 2e 36 2e 33 38 2d 38 ..Linux 2.6.38-8
|
||
0000008E 2d 67 65 6e 65 72 69 63 2d 70 61 65 20 28 3a 3a -generic -pae (::
|
||
0000009E 66 66 66 66 3a 31 30 2e 31 2e 31 2e 32 29 20 28 ffff:10. 1.1.2) (
|
||
000000AE 70 74 73 2f 31 30 29 0d 0a 0a 01 00 77 77 77 62 pts/10). ....wwwb
|
||
000000BE 75 67 73 20 6c 6f 67 69 6e 3a 20 ugs logi n:
|
||
000000B2 6c l
|
||
000000C9 00 6c .l
|
||
000000B3 65 e
|
||
000000CB 00 65 .e
|
||
000000B4 76 v
|
||
000000CD 00 76 .v
|
||
000000B5 65 e
|
||
000000CF 00 65 .e
|
||
000000B6 6c l
|
||
000000D1 00 6c .l
|
||
000000B7 58 X
|
||
000000D3 00 58 .X
|
||
000000B8 0d .
|
||
000000D5 01 .
|
||
000000D6 00 0d 0a 50 61 73 73 77 6f 72 64 3a 20 ...Passw ord:
|
||
000000B9 66 f
|
||
000000BA 74 t
|
||
000000BB 5f _
|
||
000000BC 77 w
|
||
000000BD 61 a
|
||
000000BE 6e n
|
||
000000BF 64 d
|
||
000000C0 72 r
|
||
000000C1 7f .
|
||
000000C2 7f .
|
||
000000C3 7f .
|
||
000000C4 4e N
|
||
000000C5 44 D
|
||
000000C6 52 R
|
||
000000C7 65 e
|
||
000000C8 6c l
|
||
000000C9 7f .
|
||
000000CA 4c L
|
||
000000CB 30 0
|
||
000000CC 4c L
|
||
000000CD 0d .
|
||
000000E3 00 0d 0a ...
|
||
000000E6 01 .
|
||
000000E7 00 0d 0a 4c 6f 67 69 6e 20 69 6e 63 6f 72 72 65 ...Login incorre
|
||
000000F7 63 74 0d 0a 77 77 77 62 75 67 73 20 6c 6f 67 69 ct..wwwb ugs logi
|
||
00000107 6e 3a 20 n:
|
||
```
|
||
|
||
This looks a bit annoying, but if we remove the hexdump stuff, and keep only the ascii (non ascii are represneted by `.` )characters, we get this
|
||
|
||
```
|
||
> ..%
|
||
< ..%
|
||
> ..&..... ..#..'..$
|
||
< ..&..... ..#..'..$
|
||
> .. .....#.....'.........
|
||
< .. .38400,38400....#.SodaCan:0....'..DISPLAY.SodaCan:0......xterm..
|
||
> ........"........!
|
||
< ........"..".....b........b.... B.
|
||
< ..............................1.......!
|
||
> .."....
|
||
< .."....
|
||
> ..!..........."
|
||
< ........"
|
||
> .."............. ..
|
||
> .....................
|
||
> Linux 2.6.38-8-generic-pae (::ffff:10.1.1.2) (pts/10)
|
||
|
||
> ..wwwbugs login:
|
||
< l
|
||
> .l
|
||
< e
|
||
> .e
|
||
< v
|
||
> .v
|
||
< e
|
||
> .e
|
||
< l
|
||
> .l
|
||
< X
|
||
> .X
|
||
|
||
|
||
> ..
|
||
> Password:
|
||
< ft_wandr...NDRel.L0L
|
||
|
||
> .
|
||
> ..
|
||
> Login incorrect
|
||
> wwwbugs login:
|
||
```
|
||
|
||
(Legend: `<` means client send this to the server and `>` means the server sent this to the client. any `.` may represent an non-ascii/non-character byte)
|
||
|
||
We see a nice `Passowrd:` sent by the server, with a nice response of `ft_wandr...NDRel.L0L`.
|
||
|
||
While looking at the hexdump, we can decipher what the `.` are truly representing
|
||
as a C string it looks like this `"ft_wandr\x7f\x7f\x7fNDRel\x7fL0L"`
|
||
|
||
a quick `man ascii` reveal that `\x7f` is the `DEL` character.
|
||
Assuming this means that mister Wandre failed to type is password, corrected it, and sent it, it would be
|
||
`ft_waNDReL0L`
|
||
|
||
```bash
|
||
level02@SnowCrash:~$ su flag02 -c getflag
|
||
Password:
|
||
Check flag.Here is your token : kooda2puivaav1idi4f57q8iq
|
||
```
|
||
|
||
|