ROOT-Me.org Network FTP-authentication Challenges
![](https://cdn-images-1.medium.com/max/800/1*N-rz4pYae-7oP0Tgf0gAfA.jpeg)
In this challenge a pcap file is provided and we have to find the user password
To start with download the pcap file and open it in Wireshark.
![](https://cdn-images-1.medium.com/max/800/1*pD88URTAwOlpRcaIjrDbNA.png)
In the first three lines we can see 2 way TCP Handshake (Syn, Ack, Syn-Ack) between source and destination server.
Next we can see ftp connection to fran.csg.stercomm.com. Lets right click on FTP stream and select ‘follow TCP Stream’ and we will get tcp stream
![](https://cdn-images-1.medium.com/max/800/1*wztVWr5sXyicBC9Vm8Ip9Q.png)
One glance and we can see user and password in clear text.
Conclusion we should avoid sending data over ftp and should rather user sftp or other safe protocols
Challenge 2 : TELNET — authentication
Challenge is to find user password in this telnet capture
In this challenge we have a pcap file having Telnet and TCP protocols.
After opening the file in wireshark, right click on the TELNET protocol and do follow TCP stream
![](https://cdn-images-1.medium.com/max/800/1*ZmAwYjoKBqq8eST5qaNpbA.png)
From the screenshot we can see that login credentials are in clear text. Now, input the password to clear this challenge
Challenge Twitter authentication
In this challenge, we have a twitter session authentication capture and need to find user password.
After downloading the pcap file and opening it in Wireshark, we can see that is consists of only 1 Http request
![](https://cdn-images-1.medium.com/max/800/1*a7501AFV2tzjD77WnoESqg.png)
We are aware that http send request/response in clear text. So lets take a closer look at the HTTP data by clicking and enlarging Hypertext Transfer Protocol in middle pane of wireshark
![](https://cdn-images-1.medium.com/max/800/1*DQmLwhzHKY8nPFDYrh98oA.png)
In the above screenshot we can see Get request . On scrolling further, under authorization Header we can see user password in clear text
![](https://cdn-images-1.medium.com/max/800/1*QTCvxAHjSMDPixFvA-DfJQ.png)