mirror of https://github.com/dirtbags/moth.git
Document netarch category
parent
08bed422c2
commit
d482f76cd9
|
@ -0,0 +1,121 @@
|
|||
archaeology
|
||||
===========
|
||||
|
||||
This is the network archaeology category. Puzzles center around pulling
|
||||
something out of a pcap file.
|
||||
|
||||
* Base64-encoded plaintext
|
||||
|
||||
* Image in pcap of HTTP
|
||||
* Image in pcap of SMTP
|
||||
* Image in pcap of proto b
|
||||
* Image in pcap of out-of-order proto b
|
||||
* Image in pcap of out-of-order w/NAK proto b
|
||||
|
||||
* Base64-encoded single-byte xor
|
||||
* Base64-encoded 4-byte xor
|
||||
* Base64-encoded 16-byte xor
|
||||
|
||||
* Image in pcap of 1-byte xor out-of-order w/NAK w/filler proto c
|
||||
* Image in pcap of proto d, plus a token in the text
|
||||
* Image in pcap of proto e, token in the text, and token in zip file
|
||||
|
||||
|
||||
proto b
|
||||
-------
|
||||
|
||||
01 1 octet SOH
|
||||
xxxx 2 octets chunk number (monotonically increasing)
|
||||
xx 1 octet chunk length
|
||||
... <256 octets up to 255 bytes of data
|
||||
xx 1 octet checksum (uint8 sum of all data bytes)
|
||||
|
||||
06 1 octet ACK
|
||||
xxxx 2 octets chunk number
|
||||
00 1 octet length 0
|
||||
|
||||
15 1 octet NAK
|
||||
xxxx 2 octets chunk number
|
||||
00 1 octet length 0
|
||||
|
||||
04 1 octet EOT
|
||||
xxxx 2 octets chunk number
|
||||
00 1 octet length 0
|
||||
|
||||
|
||||
frob
|
||||
----
|
||||
|
||||
* srand(0)
|
||||
* xor each octet with rand() % argv[1]
|
||||
|
||||
|
||||
proto c
|
||||
-------
|
||||
|
||||
all packets are xored with a per-session randomly-selected key
|
||||
|
||||
offs len description
|
||||
---- ---- -----------
|
||||
00 2 c0 0c
|
||||
02 2 packet length
|
||||
04 1 opcode
|
||||
05 1 00
|
||||
06 data
|
||||
|
||||
opcode desc data
|
||||
------ ---- ---------
|
||||
01 Hello hostname(cstring), 60 bytes random
|
||||
02 NOP ∅
|
||||
04 Text Alice in Wonderland
|
||||
05 Image part# (2 octets) + data
|
||||
|
||||
|
||||
proto d
|
||||
-------
|
||||
|
||||
all packets are xored with a per-packet randomly-selected key
|
||||
|
||||
offs len description
|
||||
---- ---- -----------
|
||||
00 1 00
|
||||
01 1 opcode
|
||||
02 2 packet length
|
||||
04 2 sequence number
|
||||
06 data
|
||||
|
||||
opcode desc data
|
||||
------ ---- ---------
|
||||
01 Hello hostname(cstring), 60 bytes random
|
||||
02 NOP ∅
|
||||
04 Text Alice in Wonderland
|
||||
05 Image data
|
||||
|
||||
|
||||
proto e
|
||||
-------
|
||||
|
||||
16-byte xor key, applied to entire packet
|
||||
|
||||
offs len description
|
||||
---- ---- -----------
|
||||
00 1 opcode
|
||||
01 1 compression type (0=none, 1=gzip)
|
||||
02 2 packet length
|
||||
04 2 sequence number
|
||||
06 data
|
||||
|
||||
opcode desc data
|
||||
------ ---- ---------
|
||||
01 Hello hostname(cstring), 60 bytes random
|
||||
02 C2 interactive shell
|
||||
04 fopen 1:mode (0=read, 1=write)
|
||||
1:fd
|
||||
n:path
|
||||
05 write 1:fd
|
||||
4:offset
|
||||
n:data
|
||||
06 fclose 1:fd
|
||||
08 NOP ∅
|
||||
|
||||
|
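Review bot: the 2-octet fields (chunk number in proto b; packet length and sequence number in proto c, d and e) give no byte order, and the proto c and proto d sections say only "xored with a ... randomly-selected key" without a key length, so a parser cannot be written from this file alone. Please state the byte order once near the top and add the key size to each section, as proto e already does with "16-byte xor key". In proto b, the ACK, NAK and EOT layouts stop at "length 0" and do not say whether the checksum octet still follows; a line either way would remove the ambiguity. Under frob, "srand(0)" plus "rand() % argv[1]" is only reproducible against the same C library's rand(), and argv[1] is a string, so the note should name the integer conversion and the platform the puzzles were generated on. The opcode tables also skip 03 (and 07 in proto e); marking those as unused or reserved would show the gaps are intentional.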