Day 6 - Data Elf-iltration

Q1 - What data was exfiltrated via DNS?

  • Open the pcap in Wireshark

  • Filter for DNS packets

--> 43616e64792043616e652053657269616c204e756d6265722038343931

  • Convert hex to ASCII

echo 43616e64792043616e652053657269616c204e756d6265722038343931 | xxd -r -p
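
To hunt for this kind of exfiltration across many queries, the sketch below (an added example, not part of the original write-up) flags hex-encoded DNS labels, reassembles them per parent domain and keeps only payloads that decode to printable text. The query list is constructed: the domains are placeholders, and the write-up's hex string is split across two queries to show reassembly.

```python
import re

# A label counts as hex-encoded data if it is all hex digits, has an even
# length and carries at least 8 bytes (short hex words like "cafe" are common).
HEX_LABEL = re.compile(r"(?:[0-9a-fA-F]{2}){8,}")

def split_query(qname):
    """Split a query name into (decoded hex payload, remaining parent domain)."""
    payload, parent = b"", []
    for label in qname.rstrip(".").split("."):
        if HEX_LABEL.fullmatch(label):
            payload += bytes.fromhex(label)
        else:
            parent.append(label.lower())
    return payload, ".".join(parent)

def printable_ratio(data):
    """Fraction of bytes that are printable ASCII."""
    return sum(32 <= b < 127 for b in data) / len(data) if data else 0.0

def find_hex_exfil(qnames, min_ratio=0.9):
    """Reassemble hex payloads per parent domain, in the order the queries
    were seen, and keep only those that decode to mostly printable text."""
    seen = {}
    for q in qnames:
        payload, parent = split_query(q)
        if payload:
            seen[parent] = seen.get(parent, b"") + payload
    return {d: p.decode("ascii", "replace") for d, p in seen.items()
            if printable_ratio(p) >= min_ratio}

# Constructed sample: query names as they might be exported from a capture
# (for example the dns.qry.name column). All domains are placeholders.
SAMPLE_QUERIES = [
    "www.example.com",
    "43616e64792043616e652053657269616c.exfil.example",
    "204e756d6265722038343931.exfil.example",
    "d41d8cd98f00b204e9800998ecf8427e.cdn.example",  # hash-like, not text
    "cafe.example.org",                               # too short to count
]

if __name__ == "__main__":
    for domain, text in find_hex_exfil(SAMPLE_QUERIES).items():
        print(f"{domain}: {text}")
```

The printable-text filter is what keeps hash-like labels (cache keys, content IDs) from being reported as exfiltrated data.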

Q2 - What did Little Timmy want to be for Christmas?

  • We were given a zip file.

  • Password protected

  • Use Kali to brute-force the password

fcrackzip -b --method 2 -D -p /root/List/rockyou.txt -v ./christmaslists.zip
  • Unzip the file with the password that we get.

unzip christmaslists.zip
  • Find Timmy's letter. There's your answer.

Q3 - What was hidden within the file?

  • With the picture that we get, try all the steganography tools.

  1. strings

  2. exiftool

  3. binwalk

  4. steghide

  • Steghide

steghide --extract -sf TryHackMe.jpg
  • Just press Enter at the password prompt.

  • It will extract a file for us.

By AdaniKamal
