HackTheBox Forensics Marshal in the Middle Challenge

Challenge By : rotarydrone

Challenge Description : The security team was alerted to suspicous network activity from a production web server.
Can you determine if any data was stolen and what it was?

Points : 40

Author : Rehman S. Beg (HTB Profile : MrReh )

________________________________________

Lets Download the file and extract it content

Open the chalcap.pcapng file with wireshark, Decrypte the data by the secrets.log file to view the content in plain text we need to load Master-Secret log lets load it

edit>preference>protocol>SSL or TLS

Then add a display filter who will take all http POST request of ip address 10.10.20.13

http.request.method == "POST" && ip.addr == 10.10.20.13

There was a post request with biggest packet lenght

to view packet data in plain text “right click on packet > Follow > TLS or SSL stream”

Credit Card Data in Plain Text and here we got the flag

FLAG : “HTB{Th15_15_4_F3nD3r_Rh0d35_M0m3NT!!}”   

Leave a Reply

Your email address will not be published. Required fields are marked *