Skip to content

Latest commit

 

History

History
61 lines (34 loc) · 1.63 KB

README.md

File metadata and controls

61 lines (34 loc) · 1.63 KB
Raw

MarketDump

Write-up author: jon-brandy

DESCRIPTION:

We have got informed that a hacker managed to get into our internal network after pivoiting through the web platform that runs in public internet. He managed to bypass our small product stocks logging platform and then he got our costumer database file. We believe that only one of our costumers was targeted. Can you find out who the customer was?

HINT:

  • NONE

STEPS:

  1. First, unzip the .zip file given.

RESULT

image

  1. Let's open the file in wireshark.

RESULT

image

  1. Let's start by follow the TCP stream.
  2. Found nothing good here.

image

  1. Let's try to filter the HTTP stream.

RESULT

image

  1. The bottom one quite interesting.

image

  1. Let's follow the stream.
  2. Notice found unique string there.

image

  1. Decode it using cyberchef.

RESULT

image

  1. Got the flag!

FLAG

HTB{DonTRuNAsRoOt!MESsEdUpMarket}