John Pierce

. CISSP, SLAE, Security+

WAP Challenge 13 - extract a zip file from pcap to find the password

Step 1 is to open up the pcap file in Wireshark and take a look.  Searching for "pass", there are several instances, but one in partiuclar is of interest.  There is an upload of a file called pass.zip.  This is the file I want to extract.  There are lots of ways to extract files from tcp data (e.g. tcpxtract), but I chose to do it manually.

In wireshark, I highlighted the "Media Type: application . . ." line to select the file data, pressed <ctrl>h and saved the file to c13.zip.

Now that I've got the zip file, I have to figure out the password to it.  I generated a dictionary based on the challenge parameters and used fcrackzip to find the password.  Unzip the file, cat out pass and the challenge is done.  It's important to use the -u switch with fcrackzip as without it, there are about 50 potential passwords listed.

 

Most Recent Articles

First bit::

This is a writeup of the format string vulnerability in level 4 of the 64bitprimer VM from vulnhu

First bit::

Installation of the software to make a yubikey 4 work in FIDO U2F mode on Debian Jessie i386

First bit::

Lesson(s) learned

First bit::

This one stumped me. Overall, it was a great competition for me as I got to learn a whole lot of new things. I had never worked on a Mac, other than as a user, had never used Hopper, lldb or any of the other tools for reversing on a Mac, and haven't got any experience in the Objective C/Swift framework.

First bit::

4 rounds, lots of debugging

Videos

Categories: Network security, Videos
First bit::

Explains the workings of a DMZ, walks through setting up and testing of a DMZ in a virtual machine lab environment

Categories: Network security, Videos
First bit::

In this video I go through the process of setting up an SSH tunnel to hide an IP and also setting

Categories: Exploits, Videos
First bit::

Useful for someone who is interested in what a buffer overflow is. Does not go into the details of development, just explains generally and demonstrates the use of one.

Categories: Exploits, Videos
First bit::

a demonstration of a vulnerability discovered and published by Muts in 2004, exploited on a Windows XP SP3 machine using Python, Immunity Debugger, and Metasploit.

Categories: Network security, Videos
First bit::

In this video I demo some simple iptables rules and show them how to perform network traffic analysis to test them out.