Overview
Room Name | Crisis
---|---
Dev | @anir0y
Tools required | Wireshark
Join Room | Crisis
Task 01: Introduction
- Download the file
- Open it with Wireshark
1.1
Download file.
1.2
When did it all start?
Open packet 1; layer 1 (the Frame layer) reveals the timestamp.
Enter it in the format (MMM DD, YYYY).
1.3
What is the domain name?
Check the DNS traffic (use the filter `dns`).
1.4
What is the email sending protocol & port?
1.5
What is the email receiving protocol?
See RFC 918 and the wiki.
Task 02: Find the Mails
As we already know the email protocols that were used in these logs, let's find the emails.
2.1
Who received the first email?
The email receiving protocol was POP; filter on `pop`, read the first email and note the recipient address.
2.2
Who sent the first email?
- The same filter as task 2.1 reveals the Return-Path email address.
2.3
There is a 'Super Hero Reference'. Who is he?
Read the first email reply (filter: `smtp`), then follow the TCP streams; change the stream number in the Follow dialog to step through them.
2.4
2.5
Uhmm, Babe is mad! Our guy sent a hint to the other guy. What did he say?
Read the emails; you'll find a reference to what Monitor did wrong. The answer is in `tcp.stream eq 20`.
2.6
What is the username for the Computer Network?
Read the incoming email, then find the creds in the outgoing email stream.
2.7
What is the password for the Computer Network?
- Follow task 2.6.
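The manual steps in tasks 2.1 to 2.7 (follow an SMTP stream, read the envelope and headers, notice that the login went over the wire in the clear) can be scripted. This is an added example, not code from the room or its author: `parse_smtp_stream` is a hypothetical helper run over a constructed transcript in the shape Wireshark's "Follow TCP Stream" produces, and it flags any `AUTH` command so a defender can see where credentials crossed the network unencrypted without needing to decode them.

```python
import re

# Constructed SMTP transcript in the shape Wireshark shows under
# "Follow TCP Stream" for a cleartext mail session (not real capture data).
SAMPLE_STREAM = """AUTH LOGIN
334 VXNlcm5hbWU6
dXNlcg==
334 UGFzc3dvcmQ6
cGFzcw==
235 Authentication successful
MAIL FROM:<hero@example.test>
250 Ok
RCPT TO:<friend@example.test>
250 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Return-Path: <hero@example.test>
From: "Hero" <hero@example.test>
To: friend@example.test
Subject: SOS

Need help, the monitor did something wrong.
.
"""

def parse_smtp_stream(stream: str) -> dict:
    """Extract envelope, message headers and a cleartext-AUTH flag from a followed stream."""
    out = {"mail_from": None, "rcpt_to": [], "headers": {}, "cleartext_auth": False}
    state = "cmd"  # cmd -> headers (after server 354) -> body (after blank line) -> cmd (after ".")
    for line in stream.splitlines():
        if state == "cmd":
            up = line.upper()
            if up.startswith("AUTH "):
                out["cleartext_auth"] = True  # AUTH on a non-TLS session: creds are readable
            elif up.startswith("MAIL FROM:"):
                out["mail_from"] = line.split(":", 1)[1].strip().strip("<>")
            elif up.startswith("RCPT TO:"):
                out["rcpt_to"].append(line.split(":", 1)[1].strip().strip("<>"))
            elif up.startswith("354"):
                state = "headers"
        elif state == "headers":
            m = re.match(r"([\w-]+):\s*(.*)", line)
            if m:
                out["headers"][m.group(1).lower()] = m.group(2)
            else:
                state = "body"  # blank line ends the header block
        elif line == ".":
            state = "cmd"
    return out
```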
Task 03: Twisters
3.1
Who sent the bad word about 'Monitor'?
Read the emails; you'll discover a new email address.
He sent a very compelling evidence email.
3.2
What was the name of the executable file?
- Read the `http` packets; you'll find this file.
3.3
What is the IP address of the attacker?
- Read the `http` packets; the answer is the source IP address from which the .exe file was downloaded.
Task 04: Rescue
4.1
Our hero sent an SOS to whom?
Oliver sent an email to someone seeking help.
Filter with `smtp` and read the emails; you'll discover another new email address.
4.2
Password
- The answer is in task 4.1.