Day 6 - Data Elf-iltration
Q1 - What data was exfiltrated via DNS?
Open the pcap in Wireshark.
Filter on DNS traffic.

--> 43616e64792043616e652053657269616c204e756d6265722038343931
Hex --> ASCII
echo 43616e64792043616e652053657269616c204e756d6265722038343931 | xxd -r -p
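
The same search and decode done in one pass over a list of DNS query names, as an added example that is not part of the original write-up. It assumes the hex sits in the leftmost label(s) of the query name; `exfil.example`, `chunks.example` and the split payload are constructed placeholders, and reassembling data split across several queries goes beyond the single string seen in this capture.

```python
import re

# One label = 16..62 hex chars (8..31 bytes); a DNS label is at most 63 chars.
HEX_LABEL = re.compile(r"^(?:[0-9a-f]{2}){8,31}$")

# Constructed sample of query names, e.g. as exported with
#   tshark -r <capture> -Y dns -T fields -e dns.qry.name
SAMPLE_QUERIES = [
    "www.example.com",
    "43616e64792043616e652053657269616c204e756d6265722038343931.exfil.example",
    "43616e64792043616e652053657269616c204e756d6265722038343931.exfil.example",  # response repeats the name
    "deadbeef.example.org",             # hex, but too short to count as a payload
    "4141414141414141.chunks.example",  # constructed payload split over two queries
    "4242424242424242.chunks.example",
]

def split_payload(qname):
    """Return (hex_payload, parent_domain) if the leftmost labels are long hex, else None."""
    labels = qname.rstrip(".").lower().split(".")
    hex_parts = []
    while labels and HEX_LABEL.match(labels[0]):
        hex_parts.append(labels.pop(0))
    if not hex_parts or not labels:
        return None
    return "".join(hex_parts), ".".join(labels)

def decode_exfil(queries):
    """Reassemble hex payloads per parent domain, in query order, and decode them."""
    chunks = {}
    # Assumption: identical names are the query/response pair, so keep the first only.
    for qname in dict.fromkeys(queries):
        hit = split_payload(qname)
        if hit:
            payload, parent = hit
            chunks.setdefault(parent, []).append(payload)
    return {
        parent: bytes.fromhex("".join(parts)).decode("ascii", errors="replace")
        for parent, parts in chunks.items()
    }

if __name__ == "__main__":
    for parent, text in decode_exfil(SAMPLE_QUERIES).items():
        print(f"{parent}: {text!r}")
```

The length threshold is what keeps ordinary short hex-looking labels out of the results; lower it and expect more false positives.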

Q2 - What did Little Timmy want to be for Christmas?
We were given a zip file.
It is password protected.
Use Kali to brute-force the password with fcrackzip and the rockyou.txt wordlist:
fcrackzip -b --method 2 -D -p /root/List/rockyou.txt -v ./christmaslists.zip

Unzip the file with the password that we get.
unzip christmaslists.zip
Find Timmy's letter. There's your answer.

Q3 - What was hidden within the file?
With the picture that we get, try all the steganography tools:
strings
exiftool
binwalk
steghide
Steghide
steghide --extract -sf TryHackMe.jpg

Just press Enter at the passphrase prompt (leave it empty).
It will extract a file for us.
By AdaniKamal