It turns out that robots, like humans, are cheap and do not like paying for their movies and music. We were able to intercept some torrent downloads but are unsure what the file being downloaded was. Can you figure it out?
Someone has leaked very important documents. We couldn’t find any proof without one PCAP file. But this file was damaged.
※ The password of the disclosure document is very weak and based on time, so it can be found easily.
The cryptographic algorithm is below.
Msg = “ThisIsNotARealEncryption!SeemToEncoding”
Key = 0x20120224 (if date format is 2012/02/24 00:01:01)
Crypto = C(M) = Msg * Key = 0xa92fd3a82cb4eb2ad323d795322c34f2d809f78
Because of a vulnerability in Company A’s site, the database which contains users’ information was leaked. The file is a packet dump from the moment of the attack.
Find the administrator’s account information which was leaked from the site.
For reference, some parts of the packet were blinded to XXXX.
Answer : strupr(md5(database_name|table_name|decode(password_of_admin)))
So, we got a PCAP file with a nice SQL injection attack on some web application. As it turns out, this is a blind/boolean-based injection, so we can’t easily tell what data got extracted. Time to write a little tool...
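One way such a reconstruction can work, as an added example rather than the writeup author's own tool: replay each boolean probe seen in the capture and narrow the possible value of every character position until it collapses to one byte. The payload shape (`ASCII(SUBSTRING(..., pos, 1)) > N`), the table and column names, the two response sizes and all input lines are constructed assumptions, not data from the challenge PCAP.

```python
import re
from urllib.parse import unquote

# Constructed sample data (not from the challenge capture): the payload shape,
# table/column names and both response sizes are assumptions for illustration.
TRUE_LEN, FALSE_LEN = 1843, 1207  # body size when the injected condition is true / false
URI = "/view.php?id=1%20AND%20ASCII(SUBSTRING((SELECT%20pw%20FROM%20users%20LIMIT%201),{},1))%3E{}"
T, F = TRUE_LEN, FALSE_LEN
PROBES = [  # (character position, threshold N in "> N", observed response size)
    (1, 79, T), (1, 103, T), (1, 115, F), (1, 109, T), (1, 112, F), (1, 111, F), (1, 110, T),
    (2, 79, T), (2, 103, T), (2, 115, F), (2, 109, F), (2, 106, T), (2, 108, F), (2, 107, F),
    (3, 79, T), (3, 103, F),      # capture ends before position 3 is resolved
]
CAPTURE = ["/index.php 4096"] + [f"{URI.format(p, n)} {size}" for p, n, size in PROBES]

PROBE_RE = re.compile(r"SUBSTR(?:ING)?\(.*,\s*(\d+)\s*,\s*1\)\)\s*>\s*(\d+)", re.I)

def recover(lines, true_len):
    """Rebuild the extracted string from '<request URI> <response size>' lines."""
    bounds = {}                                   # position -> [lowest, highest] possible byte
    for line in lines:
        uri, size = line.rsplit(" ", 1)
        m = PROBE_RE.search(unquote(uri))
        if not m:
            continue                              # traffic that is not an injection probe
        pos, n = int(m.group(1)), int(m.group(2))
        b = bounds.setdefault(pos, [0, 255])
        if int(size) == true_len:                 # server answered "true": byte > n
            b[0] = max(b[0], n + 1)
        else:                                     # server answered "false": byte <= n
            b[1] = min(b[1], n)
    # A position whose range never collapsed to one value is reported as '?'.
    return "".join(chr(lo) if lo == hi else "?" for _, (lo, hi) in sorted(bounds.items()))

if __name__ == "__main__":
    print(recover(CAPTURE, TRUE_LEN))
```

Starting each range at 0 rather than at the first printable character keeps probes past the end of the string, which all answer "false", from being reported as a recovered space.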
To whom it may concern to DoS attack.
What is the difference between attack and normal traffic?
The attached PCAP file is from a suspicious client PC which may be infected.
If you find the TOP 4 targeted addresses, let me know the exact information as shown below.
TOP1 126.96.36.199 __k___
TOP2 188.8.131.52 ____________i___
TOP3 184.108.40.206 _n___
TOP4 220.127.116.11 ____d____