mirror of https://github.com/dirtbags/moth.git
Document netarch category
This commit is contained in:
parent
31493774a3
commit
b51eadcbc6
|
@ -0,0 +1,121 @@
|
||||||
|
archaeology
|
||||||
|
===========
|
||||||
|
|
||||||
|
This is the network archaeology category. Puzzles center around pulling
|
||||||
|
something out of a pcap file.
|
||||||
|
|
||||||
|
* Base64-encoded plaintext
|
||||||
|
|
||||||
|
* Image in pcap of HTTP
|
||||||
|
* Image in pcap of SMTP
|
||||||
|
* Image in pcap of proto b
|
||||||
|
* Image in pcap of out-of-order proto b
|
||||||
|
* Image in pcap of out-of-order w/NAK proto b
|
||||||
|
|
||||||
|
* Base64-encoded single-byte xor
|
||||||
|
* Base64-encoded 4-byte xor
|
||||||
|
* Base64-encoded 16-byte xor
|
||||||
|
|
||||||
|
* Image in pcap of 1-byte xor out-of-order w/NAK w/filler proto c
|
||||||
|
* Image in pcap of proto d, plus a token in the text
|
||||||
|
* Image in pcap of proto e, token in the text, and token in zip file
|
||||||
|
|
||||||
|
|
||||||
|
proto b
|
||||||
|
-------
|
||||||
|
|
||||||
|
01 1 octet SOH
|
||||||
|
xxxx 2 octets chunk number (monotonically increasing)
|
||||||
|
xx 1 octet chunk length
|
||||||
|
... <256 octets up to 255 bytes of data
|
||||||
|
xx 1 octet checksum (uint8 sum of all data bytes)
|
||||||
|
|
||||||
|
06 1 octet ACK
|
||||||
|
xxxx 2 octets chunk number
|
||||||
|
00 1 octet length 0
|
||||||
|
|
||||||
|
15 1 octet NAK
|
||||||
|
xxxx 2 octets chunk number
|
||||||
|
00 1 octet length 0
|
||||||
|
|
||||||
|
04 1 octet EOT
|
||||||
|
xxxx 2 octets chunk number
|
||||||
|
00 1 octet length 0
|
||||||
|
|
||||||
|
|
||||||
|
frob
|
||||||
|
----
|
||||||
|
|
||||||
|
* srand(0)
|
||||||
|
* xor each octet with rand() % argv[1]
|
||||||
|
|
||||||
|
|
||||||
|
proto c
|
||||||
|
-------
|
||||||
|
|
||||||
|
all packets are xored with a per-session randomly-selected key
|
||||||
|
|
||||||
|
offs len description
|
||||||
|
---- ---- -----------
|
||||||
|
00 2 c0 0c
|
||||||
|
02 2 packet length
|
||||||
|
04 1 opcode
|
||||||
|
05 1 00
|
||||||
|
06 data
|
||||||
|
|
||||||
|
opcode desc data
|
||||||
|
------ ---- ---------
|
||||||
|
01 Hello hostname(cstring), 60 bytes random
|
||||||
|
02 NOP ∅
|
||||||
|
04 Text Alice in Wonderland
|
||||||
|
05 Image part# (2 octets) + data
|
||||||
|
|
||||||
|
|
||||||
|
proto d
|
||||||
|
-------
|
||||||
|
|
||||||
|
all packets are xored with a per-packet randomly-selected key
|
||||||
|
|
||||||
|
offs len description
|
||||||
|
---- ---- -----------
|
||||||
|
00 1 00
|
||||||
|
01 1 opcode
|
||||||
|
02 2 packet length
|
||||||
|
04 2 sequence number
|
||||||
|
06 data
|
||||||
|
|
||||||
|
opcode desc data
|
||||||
|
------ ---- ---------
|
||||||
|
01 Hello hostname(cstring), 60 bytes random
|
||||||
|
02 NOP ∅
|
||||||
|
04 Text Alice in Wonderland
|
||||||
|
05 Image data
|
||||||
|
|
||||||
|
|
||||||
|
proto e
|
||||||
|
-------
|
||||||
|
|
||||||
|
16-byte xor key, applied to entire packet
|
||||||
|
|
||||||
|
offs len description
|
||||||
|
---- ---- -----------
|
||||||
|
00 1 opcode
|
||||||
|
01 1 compression type (0=none, 1=gzip)
|
||||||
|
02 2 packet length
|
||||||
|
04 2 sequence number
|
||||||
|
06 data
|
||||||
|
|
||||||
|
opcode desc data
|
||||||
|
------ ---- ---------
|
||||||
|
01 Hello hostname(cstring), 60 bytes random
|
||||||
|
02 C2 interactive shell
|
||||||
|
04 fopen 1:mode (0=read, 1=write)
|
||||||
|
1:fd
|
||||||
|
n:path
|
||||||
|
05 write 1:fd
|
||||||
|
4:offset
|
||||||
|
n:data
|
||||||
|
06 fclose 1:fd
|
||||||
|
08 NOP ∅
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue