ROOT-Me.org Network FTP-authentication Challenges

In this challenge a pcap file is provided and we have to find the user password

To start with download the pcap file and open it in Wireshark.

In the first three lines we can see 2 way TCP Handshake (Syn, Ack, Syn-Ack) between source and destination server.

Next we can see ftp connection to fran.csg.stercomm.com. Lets right click on FTP stream and select ‘follow TCP Stream’ and we will get tcp stream

One glance and we can see user and password in clear text.

Conclusion we should avoid sending data over ftp and should rather user sftp or other safe protocols


Challenge 2 : TELNET — authentication

Challenge is to find user password in this telnet capture

In this challenge we have a pcap file having Telnet and TCP protocols.

After opening the file in wireshark, right click on the TELNET protocol and do follow TCP stream

From the screenshot we can see that login credentials are in clear text. Now, input the password to clear this challenge


Challenge Twitter authentication

In this challenge, we have a twitter session authentication capture and need to find user password.

After downloading the pcap file and opening it in Wireshark, we can see that is consists of only 1 Http request

We are aware that http send request/response in clear text. So lets take a closer look at the HTTP data by clicking and enlarging Hypertext Transfer Protocol in middle pane of wireshark

In the above screenshot we can see Get request . On scrolling further, under authorization Header we can see user password in clear text

Leave a Reply

Your email address will not be published. Required fields are marked *