SnowCrash Mission: Flag02
Objective: Retrieve the Level03 token to advance further in the SnowCrash challenge.
Discovering the pcap File
Our journey begins when we stumble upon a mysterious pcap file in the home folder:
level02@SnowCrash:~$ ls
level02.pcap
level02@SnowCrash:~$
Downloading the pcap File
To delve deeper into this enigma, we use the scp command to download the pcap file from the remote host:
[~]$ scp -P 4242 level02@10.12.177.116:level02.pcap .
# _____ _____ _
# / ____| / ____| | |
# | (___ _ __ _____ _| | _ __ __ _ ___| |__
# \___ \| '_ \ / _ \ \ /\ / / | | '__/ _` / __| '_ \
# ____) | | | | (_) \ V V /| |____| | | (_| \__ \ | | |
# |_____/|_| |_|\___/ \_/\_/ \_____|_| \__,_|___/_| |_|
#
# Good luck & Have fun
# 10.12.177.116
level02@10.12.177.116's password:
level02.pcap 100% 8302 9.4MB/s 00:00
[~]$ ls
level02.pcap
[~]$
This action grants us access to the file, and we are ready to unravel its secrets.
Analyzing with Wireshark
With the pcap file in our possession, we turn to the trusty tool, Wireshark, to dissect its contents. After meticulous analysis, we discover a revealing TCP stream that provides us with critical information:
Linux 2.6.38-8-generic-pae (::ffff:10.1.1.2) (pts/10)
wwwbugs login: lleevveellXX
Password: ft_waNDReL0L
Login incorrect
wwwbugs login:
Cracking the Password
From this captured data, it becomes evident that the login attempt, which the server answered with "Login incorrect", carried its password in clear text:
- Username: lleevveellXX
- Password: ft_waNDReL0L
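Why a login name can look doubled in a combined stream view while the password does not, as an added example that is not part of the original write-up. It assumes a telnet-style session in which the server echoes each keystroke at the login prompt but not at the password prompt, with option negotiation already removed. The sample bytes and the names typed_fields, combined_view and apply_edits are constructed for illustration.

```python
# Added example; every byte in SAMPLE is constructed, none comes from level02.pcap.
# Assumption: the server echoes keystrokes at "login: " but not at "Password: ".
PROMPTS = (b"login: ", b"Password: ")

def apply_edits(keys: bytes) -> str:
    """Replay keystrokes: BS (0x08) and DEL (0x7f) erase the previous character."""
    line = []
    for b in keys:
        if b in (0x08, 0x7F):
            del line[-1:]
        elif 32 <= b < 127:
            line.append(chr(b))
    return "".join(line)

def typed_fields(segments) -> dict:
    """segments: ordered (direction, payload) pairs, 'S' = server, 'C' = client."""
    fields, prompt, keys, tail = {}, None, bytearray(), b""
    for direction, payload in segments:
        if direction == "S":
            tail = (tail + payload)[-16:]           # enough to hold any prompt
            hit = next((p for p in PROMPTS if tail.endswith(p)), None)
            if hit:
                prompt, keys = hit.decode().rstrip(": "), bytearray()
        elif prompt:
            keys += payload
            if b"\r" in keys or b"\n" in keys:      # Enter ends the field
                fields[prompt] = apply_edits(bytes(keys))
                prompt = None
    return fields

def combined_view(segments) -> str:
    """Both directions interleaved, non-printable bytes shown as '.'."""
    raw = b"".join(payload for _, payload in segments)
    return "".join(chr(b) if 32 <= b < 127 or b == 10 else "." for b in raw)

SAMPLE = ([("S", b"host login: ")]
          + [(d, bytes([k])) for k in b"alice" for d in "CS"]   # key, then echo
          + [("C", b"\r\x00"), ("S", b"\r\nPassword: ")]
          + [("C", bytes([k])) for k in b"s3cx\x7fr3t"]          # no echo, one DEL
          + [("C", b"\r\x00"), ("S", b"\r\nLogin incorrect\r\n")])

if __name__ == "__main__":
    print(combined_view(SAMPLE))
    print(typed_fields(SAMPLE))
```

Reading only the client-to-server direction and replaying erase keys gives the text as typed, which the interleaved view obscures.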
Gaining Access
With this newfound information, we proceed to log in as flag02:
level02@SnowCrash:~$ su flag02
Password: ft_waNDReL0L
Our access is granted, and we seize this opportunity to capture the Level03 token:
flag02@SnowCrash:~$ getflag
Check flag. Here is your token: kooda2puivaav1idi4f57q8iq
flag02@SnowCrash:~$
With the Level03 token secured, we continue our journey through the mysterious challenges of SnowCrash, fueled by determination and the pursuit of knowledge.