Thread subject: Security Override :: Forensics 7

Posted by nemesis on 01/16/2011 14:52:20
#1

Hello SecurityOverride,
As you see, I've done all the forensics challenges easily, still [7] [8] [9]. But I'm stuck on [7] for the moment; I did my best to solve it, but I couldn't.
Any hints? Or information to share?
Thank you. :)

Posted by Null Set on 01/16/2011 18:30:46
#2

Actually, if you follow the packets, you'll run into one with all the information you need. :P Just try to logically think of what the contents of that packet would be, and it should be easy to deduce which packet it is.

Posted by nemesis on 01/17/2011 07:11:28
#3

Hello again,
There are 265 packets. I looked into every single one, still cannot find it :/
(I'm not asking for a direct answer.) Is there something I should know about IRC etc.?

Posted by auditorsec on 01/17/2011 07:45:36
#4

Hi Nemesis,

You are missing the obvious. The trace files are not designed to be complex and only carry the information pertaining to the challenge.

Let me ask you a question: what do you do to hide your IP from being logged on a webserver...

Hope this helps...

Posted by MarianG on 03/26/2011 13:53:43
#5

I've got the packet, 7 local users.

And I'm stuck.

Edited by MarianG on 03/26/2011 13:53:58

Posted by madf0x on 03/27/2011 07:23:34
#6

If you're really having a tough time figuring out the packets, then capture traffic of yourself logging into an IRC server, then grep for the 'answers' that you already know (since you know your nick and can find out your IP). That will help you identify what the packet(s) with the information you need for the challenge might be stored.

Posted by stdape on 06/24/2011 07:54:54
#7

Pretty sure I have all the details but still not accepting. Anyone want to accept a PM just to see if I'm right? Don't want help solving, just a yes or no.

Posted by Guest on 06/24/2011 08:22:50
#8

Sure, send me one

Posted by Abhinav2107 on 01/06/2012 04:21:25
#9

I think I have the real name and nick name correct. What I'm missing is the IP. Apparently it's not in plain sight. I've scanned all the packets. Not sure where or what exactly to look for. Some help please.

EDIT: On second thoughts, I don't have the name correct. Ignore the above post.

Edited by Abhinav2107 on 01/06/2012 05:50:31

Posted by auditorsec on 01/06/2012 07:13:13
#10

The IP addresses are not inside the packets, they are in the form of source and destination...

Posted by Abhinav2107 on 01/07/2012 03:30:28
#11

Yeah I figured that much, but I was way too sure of my real name that I thought something must be wrong with the IP.
Thanks anyway. Mission completed. :)

Edited by Abhinav2107 on 01/07/2012 04:00:08

Posted by OriginalsGeeks on 05/03/2012 14:05:03
#12

Hello, just one issue: are the underscores considered? Because I tried all syntax (with _ / without _) and nothing is correct, but I'm sure I have the correct credential information.

Posted by auditorsec on 05/04/2012 08:33:56
#13

OriginalsGeeks wrote:
Hello, just one issue: are the underscores considered? Because I tried all syntax (with _ / without _) and nothing is correct, but I'm sure I have the correct credential information.


Hi,
you can PM me the details and I can verify if the answer is correct.

Posted by Intr0 on 07/30/2012 18:09:46
#14

Can I PM you or someone as well concerning the underscores?

Posted by auditorsec on 07/31/2012 04:31:26
#15

Intr0 wrote:
Can I PM you or someone as well concerning the underscores?


You are always welcome to PM me anytime.

Posted by zediwon on 03/22/2013 10:06:21
#16

It was fun. This challenge really was fun... it really did teach me something. And for those who haven't completed the challenge yet...
after you extracted the image (whatever method you used), don't try to find any hash in the image, it really isn't there. But think it through... it is on it, not in it.

Note for the admins: if you find this post spoiling, please remove it.

Posted by Hatsjoe on 03/22/2013 20:38:19
#17

zediwon wrote:
It was fun. This challenge really was fun... it really did teach me something. And for those who haven't completed the challenge yet...
after you extracted the image (whatever method you used), don't try to find any hash in the image, it really isn't there. But think it through... it is on it, not in it.

Note for the admins: if you find this post spoiling, please remove it.

Wrong challenge. Forensics 7 is the IRC one.

But some advice, it's really simple once you know what to look for. Explore the options within Wireshark to make it easier for yourself. Also know how to use CTRL + F and read up on RFC1459 to understand IRC communications.

In Wireshark there is a nice option called "Show data as text", makes it easier to read certain packets which have data in them. The rest is for you to figure out, I think I may have revealed too much already.
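
Added example (not part of the original thread and not any poster's code): a small parser for the RFC 1459 client registration messages (`NICK` and `USER`) that the posts above point to, run over the text of a reassembled client stream. The sample payload, the names in it and the address 192.0.2.10 are constructed, and the source address is assumed to be read from the packet's source field by the caller.

```python
# Added example: parse RFC 1459 registration messages (NICK / USER) from the
# text of a reassembled client-to-server TCP stream. All sample data below is
# constructed; 192.0.2.10 is a documentation address.

def parse_irc_line(line):
    """Split one IRC message into (prefix, command, params), RFC 1459 sec. 2.3.1."""
    line = line.rstrip("\r\n")
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    # Everything after " :" is one trailing parameter that may contain spaces.
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    if not parts:
        return None  # empty line, nothing to parse
    params = parts[1:] + ([trailing] if sep else [])
    return prefix, parts[0].upper(), params

def extract_registration(src_ip, payload):
    """Collect the identity a client announced when it registered."""
    ident = {"src_ip": src_ip, "nick": None, "user": None, "realname": None}
    for raw in payload.split("\n"):
        msg = parse_irc_line(raw)
        if msg is None:
            continue
        _, command, params = msg
        if command == "NICK" and params:
            ident["nick"] = params[0]        # a later NICK (rename) overwrites
        elif command == "USER" and len(params) >= 4:
            ident["user"] = params[0]
            ident["realname"] = params[3]    # kept exactly as sent, underscores included
    return ident

# Constructed client payload, in the form a stream-as-text view would show it.
SAMPLE = (
    "NICK example_nick\r\n"
    "USER exuser 0 * :Example Real_Name\r\n"
    "JOIN #channel\r\n"
    "PRIVMSG #channel :hello USER NICK\r\n"   # chat text must not be misread
)

if __name__ == "__main__":
    print(extract_registration("192.0.2.10", SAMPLE))
```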

Posted by thehare on 08/09/2013 19:32:19
#18

Was just curious, I think I've found that packet I need, but there are some underscores in what I believe are the answers. Are these supposed to be in the final answer?

Posted by staticuser on 04/28/2014 13:12:08
#19

I think I got all the right data but still not getting true it.
Is there anyone that I can PM to verify something?