Friday, 19 October 2012

[ HackYou CTF 2012 : Wikitap - Oscaderp Forensic ]

I was given only the following as a hint.

What's the md5 of the file being transferred?

Downloading the file from the link that was given to me and checking it shows that it's another PCAP file.
OK, let's load it up in Wireshark and analyse it.
After analysing it, it turns out to be an FTP session.
Wireshark has a display filter, "ftp-data", which shows only the packets that carry transferred data.
So let's use that filter and we will get something like the image shown below.

The important FTP data packets are the last 3 in the image, which are for tcp_serv.beam.
So we do a "Right-Click"->"Follow TCP Stream" to retrieve the file, then a "Save As" to save it.
Now just use md5sum or any of your favourite MD5 tools to check the MD5 of the file we just saved.
We will get "77f92edb199815b17e2ff8da36e200df" which is the key to this challenge. :P
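
The same extraction can be scripted instead of clicking through Wireshark. The following is an added example, not part of the original write-up: it reassembles each TCP direction from a classic libpcap file and hashes the one on the FTP data port. The port number (20, active-mode FTP), the function names and the sample capture are assumptions constructed for illustration.

```python
import hashlib, struct
from collections import defaultdict

def tcp_streams(pcap):
    """Map (src_ip, sport, dst_ip, dport) -> reassembled payload, per TCP direction."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic libpcap file (pcapng is not handled)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    segs, off = defaultdict(dict), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # keep IPv4/TCP frames only
        ip = frame[14:]
        tcp = ip[(ip[0] & 0x0F) * 4:struct.unpack("!H", ip[2:4])[0]]  # drops padding
        if len(tcp) < 20:
            continue
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        data = tcp[(tcp[12] >> 4) * 4:]
        if data:  # first copy of a sequence number wins: retransmissions dropped
            segs[(ip[12:16], sport, ip[16:20], dport)].setdefault(seq, data)
    # Order by sequence number (assumes no 32-bit wrap and no partial overlaps).
    return {k: b"".join(v[s] for s in sorted(v)) for k, v in segs.items()}

def md5_of_transfer(pcap, data_port):
    """MD5 of the bytes sent from or to data_port (first matching direction)."""
    for (_, sport, _, dport), body in tcp_streams(pcap).items():
        if data_port in (sport, dport):
            return hashlib.md5(body).hexdigest()
    raise LookupError("no TCP payload seen on that port")

def _frame(seq, payload, sport=20, dport=50000):
    """Constructed Ethernet/IPv4/TCP frame plus pcap record header (checksums 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + tcp
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth

def sample_pcap():
    """Constructed capture: segments out of order, one of them retransmitted."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return (hdr + _frame(1006, b"world") + _frame(1000, b"hello ")
            + _frame(1006, b"world") + _frame(1011, b"!"))

if __name__ == "__main__":
    print(md5_of_transfer(sample_pcap(), 20))
```

For a passive-mode transfer the data port is negotiated on the control channel, so pass that port instead of 20.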

Cheers,
Jacob Soo
