cypher-anxiety

root@egycondor:~/ctf/pcap# unzip find+the+image.zip
Archive:  find+the+image.zip
  inflating: find the image.pcap
   creating: __MACOSX/
  inflating: __MACOSX/._find the image.pcap
root@egycondor:~/ctf/pcap# ls
find the image.pcap  find+the+image.zip  __MACOSX
root@egycondor:~/ctf/pcap#
Renaming the file so it is easier to use in commands:
root@egycondor:~/ctf/pcap# mv "find the image.pcap" data.pcap

Opening the pcap in Wireshark and stepping through the TCP packets, I noticed the string "Hey bro".



Showing the complete stream with Follow >> TCP Stream, I can read the full chat conversation between the two users:
Hey bro
Sup supp, are we ready
yeah, u got the files?
yes but i think the channel is not secured
the UTM will block the file transfer as the DLP module is active
ok we can use cryptcat
ok what the password then
let it be P@ssawordaya
hhh, ok
listen on 7070 and ill send you the file , bye
bye


So our goal now is to find the encrypted data packets and decrypt them with cryptcat using the secret key "P@ssawordaya".


First we need to filter the packets sent to the receiving user on port 7070 with the display filter tcp.port == 7070, then select any packet and follow the stream to get the full session.




Save the output as raw data, i.e. the binary representation of the transferred file.




Save it in a file named stream. What we are going to do now is simulate the same scenario that happened between the two users:


Data + key = encrypted data >>>> transfer >>>>>> encrypted data + key = data


So we will send data that is already encrypted (the saved stream), using nc as the source.


On the other side we will decrypt the stream with cryptcat using the secret key.


I will do this on localhost 127.0.0.1 in two separate terminals.


#Terminal 1 >> receive the data, decrypt it with the key and save it in the file dec
root@egycondor:~/ctf/pcap# cryptcat -l -k P@ssawordaya -p 7070 > dec

#Terminal 2 >> send the encrypted stream
root@egycondor:~/ctf/pcap# cat stream | nc 127.0.0.1 7070
If we check the output file type:
root@egycondor:~/ctf/pcap# file dec
dec: JPEG image data, JFIF standard 1.02
Good job :D now we have the picture and we can submit its md5 as the flag.
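The Wireshark steps above (filter on port 7070, follow the stream, save as raw) can also be scripted, which helps when a capture contains retransmissions or out-of-order segments that make the raw export messy. The script below is an added example, not part of the original writeup and not a replacement for cryptcat: it reassembles the bytes sent to port 7070 directly from the pcap using only the Python standard library, then does the same magic-byte check and MD5 that `file` and the flag submission need. It assumes a classic libpcap file (not pcapng) with Ethernet/IPv4 frames and no sequence-number wraparound; the sample capture at the bottom is constructed for testing and is not the challenge file. The decryption step still goes through cryptcat exactly as shown above.

```python
import hashlib
import struct

LINKTYPE_ETHERNET = 1  # the only link type handled (assumption about the capture)


def _pcap_records(data):
    """Yield raw link-layer frames from classic libpcap bytes (pcapng is not handled)."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng?)")
    if struct.unpack_from(endian + "HHiIII", data, 4)[5] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from(endian + "IIII", data, off)[2]
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def _tcp_segment(frame):
    """Return (sport, dport, seq, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not IPv4
        return None
    ip = frame[14:]
    if ip[9] != 6:                                       # not TCP
        return None
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack_from("!H", ip, 2)[0]
    tcp = ip[ihl:total_len]                              # drops Ethernet padding
    sport, dport, seq = struct.unpack_from("!HHI", tcp, 0)
    doff = (tcp[12] >> 4) * 4
    return sport, dport, seq, tcp[doff:]


def follow_tcp_stream(pcap_bytes, port):
    """Reassemble the bytes sent *to* `port`, ordered by sequence number.
    Exact retransmissions are dropped, overlapping ones trimmed; no wraparound handling."""
    segments = {}
    for frame in _pcap_records(pcap_bytes):
        seg = _tcp_segment(frame)
        if seg is None:
            continue
        sport, dport, seq, payload = seg
        if dport != port or not payload:
            continue
        segments.setdefault(seq, payload)   # first copy of a segment wins
    out, expected = bytearray(), None
    for seq in sorted(segments):
        payload = segments[seq]
        if expected is not None and seq < expected:
            payload = payload[expected - seq:]   # keep only the new tail
            seq = expected
        out += payload
        expected = seq + len(payload)
    return bytes(out)


def describe(data):
    """Cheap stand-in for `file` plus the MD5 the challenge asks for."""
    if data[:3] == b"\xff\xd8\xff":
        kind = "JPEG image data" + (" (JFIF)" if data[6:10] == b"JFIF" else "")
    else:
        kind = "data"
    return kind, hashlib.md5(data).hexdigest()


# --- constructed sample capture for offline testing (not the challenge pcap) ---
def build_frame(src_ip, sport, dst_ip, dport, seq, payload):
    """Minimal Ethernet/IPv4/TCP frame; checksums left zero (nothing verifies them here)."""
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp_hdr) + len(payload),
                         0, 0, 64, 6, 0,
                         bytes(int(o) for o in src_ip.split(".")),
                         bytes(int(o) for o in dst_ip.split(".")))
    return b"\x00" * 12 + b"\x08\x00" + ip_hdr + tcp_hdr + payload


def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap container."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    return header + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)


SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.1", 40000, "10.0.0.2", 7070, 1011, b"second-part"),  # out of order
    build_frame("10.0.0.1", 40000, "10.0.0.2", 7070, 1000, b"first-part-"),
    build_frame("10.0.0.2", 7070, "10.0.0.1", 40000, 5000, b"reverse-direction"),
    build_frame("10.0.0.1", 40000, "10.0.0.2", 7070, 1000, b"first-part-"),  # exact retransmit
    build_frame("10.0.0.1", 40000, "10.0.0.2", 7070, 1005, b"-part-se"),     # overlapping
])

if __name__ == "__main__":
    with open("data.pcap", "rb") as f:            # the renamed challenge capture
        stream = follow_tcp_stream(f.read(), 7070)
    with open("stream", "wb") as f:               # same bytes as Wireshark's raw export
        f.write(stream)
    print(len(stream), "bytes written;", describe(stream))
```

Run it in the directory holding data.pcap; the `stream` file it writes is what Terminal 2 feeds to nc. It selects by destination port rather than the two-sided tcp.port == 7070 filter, so anything the listener sends back is not mixed into the output, which matters because cryptcat will not decrypt a stream with foreign bytes spliced in.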
