Skip to main content
Hashnodekurtntettle's blog

Command Palette

Search for a command to run...

NetCat - 1 - NRF24CTF

web 𖧹 30pts 𖧹 0xRobiul

Updated
•1 min read
S
Shaikh Shafeen
Building solutions of my daily life problems with code.
Part of seriesEWU NRF24 CTF (Online Preliminary Round)

Problem Statement

One Of My Student Cheating On Pentest Exam, He Didn't Know But I Can See!! Can You See? Flag Format For All Questions: EWU{some_text} ​

0xRobiul ​

Identify Lab & Attackbox! ​

Example: EWU{ServerIP_AttackerIP}

blogger.pcapng

Prerequisites

  • IP addresses (basics)

  • Wireshark (basic use of filters and statistics)

Solution

Reading the word "cheating," the first thing that came to my mind was Google search. So I filtered out the DNS requests

Looking further, I noticed the attacker was using DoH and making several queries. Next, I thought about listing all the IPv4 addresses to see which one has a large number of packets.

To list the endpoints click Statistics > Endpoints

We found two IPv4 addresses with a large number of packets. Since we already know the attacker's address, we can surely say that 192.x.x.x is the server's address.

Conclusion

  • Wireshark is an excellent packet analyzer. We should grasp the basics of it. Even with basic knowledge, we can be quite powerful.

Credits

  • Hashnode - for the amazing platform

  • EWU - for delaying this write-up (they restricted challenge access within <36 hours)

#nrf24ctf-preli#ctf-writeup#wireshark#web
12 views

Comments

Join the discussion

No comments yet. Be the first to comment.

EWU NRF24 CTF (Online Preliminary Round)

Part 2 of 4

EWU Robotics Club has organized Capture the Flag event and I will be discussing the write-ups of the problems my team / I managed to solve in the preli round.

Up next

Admir - The Great Admin Access Heist! - NRF24CTF

Web 𖧹 90pts 𖧹 0xRobiul

More from this blog

kurtntettle's blog

22 posts

Just a developer solving random problems and documenting here.