Christian Leipold / October 18, 2022 / IT-Security, Write-Ups

Passing on Complexity

TYPE: TRAFFIC ANALYSIS PCAP

Challenge

ESU's IT staff swears up and down that the backup user's password is secure and follows best practice. Their internal auditors are not convinced and are asking for your help to determine the backup user's password at the time of the breach.

Submit the flag as flag{password}.

Use the packet capture from Scans.

Solution

Another PCAP file. This time much larger. Let's download and open it with Wireshark.

First I searched for mysql and there were a lot of entries. Since the file was 30 MB, I didn't want to waste time looking at all the entries.

Then I remembered that we should find the password for the backup user. So maybe it is possible to find the mysqldump command.

And here it is in frame 91643.

Best password ever: backup123

Easy 50 points for the team

flag{backup123}
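The same search can be scripted when auditing a capture for database passwords passed on the command line. This is an added example, not part of the original write-up: it walks a classic libpcap file frame by frame and reports `mysql`/`mysqldump` invocations that carry an inline password. The `-p<password>` / `--password=` forms, the function names and the sample frames are assumptions constructed for illustration.

```python
import re
import struct
from urllib.parse import unquote_to_bytes

# Assumed pattern: mysql/mysqldump with the password inline (-pSECRET or --password=SECRET).
CMD_RE = re.compile(rb"(mysqldump|mysql)\b[^\r\n]*?(?:\s-p|--password=)([^\s'\"&;]+)")

def iter_pcap_frames(data):
    """Yield (frame_number, raw_bytes) from a classic libpcap file (not pcapng)."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    offset, frame = 24, 0  # skip the 24-byte global header
    while offset + 16 <= len(data):
        incl_len = struct.unpack_from(endian + "IIII", data, offset)[2]
        offset += 16
        frame += 1  # 1-based, like Wireshark's frame numbers
        yield frame, data[offset:offset + incl_len]
        offset += incl_len

def find_inline_db_passwords(data):
    """Return sorted (frame, tool, password) for every inline password seen."""
    hits = set()
    for frame, pkt in iter_pcap_frames(data):
        # Check the raw bytes and a URL-decoded copy (commands carried in HTTP requests).
        for view in {pkt, unquote_to_bytes(pkt.replace(b"+", b" "))}:
            for m in CMD_RE.finditer(view):
                hits.add((frame, m.group(1).decode(), m.group(2).decode(errors="replace")))
    return sorted(hits)

def build_sample_pcap(payloads):
    """Constructed input: each payload becomes one frame of raw bytes (no real headers)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for p in payloads:
        out += struct.pack("<IIII", 0, 0, len(p), len(p)) + p
    return out

SAMPLE = build_sample_pcap([
    b"mysqldump -u backup --password=Constructed1 shop > /tmp/shop.sql\n",
    b"mysql -u root -p\n",                              # prompts for the password: no hit
    b"job=mysqldump%20-u%20backup%20-pS3cret%20shop",   # URL-encoded form
])

if __name__ == "__main__":
    for frame, tool, password in find_inline_db_passwords(SAMPLE):
        print(f"frame {frame}: {tool} with inline password {password!r}")
```

The scan works per frame without TCP reassembly, so a command split across two segments is missed; pcapng captures need converting to classic pcap first.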
