Day 6 - Data Elf-iltration

Q1 - What data was exfiltrated via DNS?

• Open pcap using wireshark

• Search DNS

image

--> 43616e64792043616e652053657269616c204e756d6265722038343931

• Hex --> Ascii

echo 43616e64792043616e652053657269616c204e756d6265722038343931 | xxd -r -p

image

Q2 - What did Little Timmy want to be for Christmas?

• We were given a zip file.

• Password protected

• Using kali to brute force password

fcrackzip -b --method 2 -D -p /root/List/rockyou.txt -v ./christmaslists.zip

image

• Unzip the file with the password that we get.

unzip christmaslists.zip

• Find Timmy Letter. There's your answer.

Q3 - What was hidden within the file?

• With the picture that we get. Try all steganography tools.

1. strings

2. exiftool

3. binwalk

4. steghide

• Steghide

steghide --extract -sf TryHackMe.jpg

image

• Just enter through the password.

• It will extract a file for us.

By AdaniKamal