Puzzle #2 Ann Skips Bail
Story summary:
After being released on bail, Ann Dercover disappears! Fortunately, investigators were carefully monitoring her network activity before she skipped town.
Objectives:
- What is Ann’s email address?
In Wireshark, filter for the SMTP protocol.
Select packet 56 -> Follow TCP Stream
MAIL FROM: the sender (Ann's address), sneakyg33k@aol.com
RCPT TO: the recipient
- What is Ann’s email password?
Wireshark -> Apply a display filter, enter "smtp.auth.password"
Password: NTU4cjAwbHo=
Right-click -> Protocol Preferences -> Decode base-64-encoded AUTH parameters
The decoded value is 558r00lz
- What is Ann’s secret lover’s email address?
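Wireshark -> Apply a display filter, enter: smtp.req.parameter contains "TO"
There turn out to be two recipient addresses …
Open both with Follow TCP Stream and use Find to search for the string "love"; packet 132 has a hit... (but I don't know whether this is the right way to search...)
<mistersecretx@aol.com> <- that's him...
- What two items did Ann tell her secret lover to bring?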
Following on from the above, reading further in the TCP stream turns up this message: "Hi sweetheart! Bring your fake passport and a bathing suit. Address = attached. love, Ann"
So it seems to be a passport and a bathing suit
- What is the NAME of the attachment Ann sent to her secret lover?
Continuing further down the same stream, there is secretrendezvous.docx, which is base64-encoded
- What is the MD5sum of the attachment Ann sent to her secret lover?
Following on from the above, first decode the base64-encoded data to get the docx file.
Using PowerShell + bash
9e423e11db88f01bbff81172839e1923
Another way (PowerShell + bash)
openssl base64 -d < test.b64 > secretrendezvous.docx
- In what CITY and COUNTRY is their rendez-vous point?
Open the file, and this is what shows up
- What is the MD5sum of the image embedded in the document?
Save the image as a new file, then run md5sum on it
55ca95ea01264df9128649238b516d76
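The password-decoding and attachment-hashing steps above can also be scripted against a stream saved as raw bytes from Follow TCP Stream. The following Python is an added example, not part of the original write-up; the sample stream, addresses, file name and function names are constructed for illustration, and it assumes AUTH LOGIN with the username and password sent on separate lines.

```python
import base64, hashlib, re
from email import message_from_bytes, policy

REPLY = re.compile(rb"\d{3}[ -]")   # server reply line; base64 has no ' ' or '-'

def smtp_message(stream: bytes) -> bytes:
    """Message bytes between the DATA command and the lone '.' terminator."""
    lines = stream.split(b"\r\n")
    start = next(i for i, l in enumerate(lines) if l.upper() == b"DATA") + 1
    if REPLY.match(lines[start]):       # "354 ..." reply, present when both
        start += 1                      # directions were saved together
    body = []
    for line in lines[start:]:
        if line == b".":                # end-of-data marker
            break
        # Undo SMTP dot-stuffing: the client prefixes a leading '.' with another
        body.append(line[1:] if line.startswith(b".") else line)
    return b"\r\n".join(body)

def auth_login(stream: bytes):
    """Decode the base64 username and password that follow AUTH LOGIN."""
    lines = stream.split(b"\r\n")
    i = next(i for i, l in enumerate(lines) if l.upper() == b"AUTH LOGIN")
    client = [l for l in lines[i + 1:] if not REPLY.match(l)][:2]
    return tuple(base64.b64decode(l).decode() for l in client)

def attachment_md5s(stream: bytes) -> dict:
    """Map each attachment filename to the MD5 of its decoded bytes."""
    msg = message_from_bytes(smtp_message(stream), policy=policy.default)
    return {p.get_filename(): hashlib.md5(p.get_payload(decode=True)).hexdigest()
            for p in msg.walk() if p.get_filename()}

# Constructed sample stream (both directions interleaved, CRLF line endings).
PAYLOAD = b"constructed attachment bytes\n"
SAMPLE = b"\r\n".join([
    b"EHLO client.example", b"250 OK", b"AUTH LOGIN", b"334 VXNlcm5hbWU6",
    base64.b64encode(b"user@example.test"), b"334 UGFzc3dvcmQ6",
    base64.b64encode(b"constructed-pw"), b"235 OK",
    b"MAIL FROM:<user@example.test>", b"250 OK", b"DATA", b"354 go ahead",
    b"MIME-Version: 1.0", b'Content-Type: multipart/mixed; boundary="b1"', b"",
    b"--b1", b"Content-Type: text/plain", b"",
    b"see attachment", b"..dot-stuffed line",
    b"--b1", b'Content-Type: application/octet-stream; name="note.bin"',
    b"Content-Transfer-Encoding: base64",
    b'Content-Disposition: attachment; filename="note.bin"', b"",
    base64.b64encode(PAYLOAD), b"--b1--", b".", b"QUIT", b""])

if __name__ == "__main__":
    print(auth_login(SAMPLE), attachment_md5s(SAMPLE))
```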
Additional notes
SMTP syntax