Figure 13 – Decrypted Pumpkin Task five: “Extract the RTP stream. Of figure 1) expanding the “Hypertext Transfer Protocol” we can see the file-size. The HTTP Stream we see another pumpkin! Looking at the packet section (number 2 We see that a file named “michael.txt” is requested, following As the traffic is SSL, we can assume we can search for traffic flows using Add the file into the (Pre)-Master-Secret Log filename Copy the “CLIENT_RANDOM” into a text file then navigate to: Edit -> Preferences Wireshark can take this encryption key and decrypt Flows captured into readable Inspecting this traffic flow presents anĬLIENT_RANDOM refers to the encrypting SSL communications, With the Wireshark pcap file under Statistics -> Conversations we can see anĮmail connection was made on port 25. Looking at the all the different conversations occurring What the file data size of this next pumpkin (in bytes)?” Figure 11 – Task Three Pumpkin Task four: “Find the pre-master token and decrypt What’s the main character that makes the pumpkin up?“įor this task a simple Wireshark filter of TCP port 666 can be used, creating a filer of “tcp.port = 666” and then following the TCP stream will reveal the pumpkin. Is another piece to the puzzle, how does the script know what decoder to use? LookingĪt the “encode” function we can see it adds a value of the selected cipher toįigure 10 – Pumpkin Image Location Task three: “Find the pumpkin that on TCP port 666. Now we have our 3 ciphers decoded ready to decode data. In this case the encoding script shifts a value of “3”, to reverse this shift the method back “-3”.
0 Comments
Leave a Reply. |