mirror of
https://github.com/dirtbags/moth.git
synced 2025-01-07 12:30:47 -07:00
121 lines
2.9 KiB
Text
121 lines
2.9 KiB
Text
archaeology
|
|
===========
|
|
|
|
This is the network archaeology category. Puzzles center around pulling
|
|
something out of a pcap file.
|
|
|
|
* Base64-encoded plaintext
|
|
|
|
* Image in pcap of HTTP
|
|
* Image in pcap of SMTP
|
|
* Image in pcap of proto b
|
|
* Image in pcap of out-of-order proto b
|
|
* Image in pcap of out-of-order w/NAK proto b
|
|
|
|
* Base64-encoded single-byte xor
|
|
* Base64-encoded 4-byte xor
|
|
* Base64-encoded 16-byte xor
|
|
|
|
* Image in pcap of 1-byte xor out-of-order w/NAK w/filler proto c
|
|
* Image in pcap of proto d, plus a token in the text
|
|
* Image in pcap of proto e, token in the text, and token in zip file
|
|
|
|
|
|
proto b
|
|
-------
|
|
|
|
01 1 octet SOH
|
|
xxxx 2 octets chunk number (monotonically increasing)
|
|
xx 1 octet chunk length
|
|
... <256 octets up to 255 bytes of data
|
|
xx 1 octet checksum (uint8 sum of all data bytes)
|
|
|
|
06 1 octet ACK
|
|
xxxx 2 octets chunk number
|
|
00 1 octet length 0
|
|
|
|
15 1 octet NAK
|
|
xxxx 2 octets chunk number
|
|
00 1 octet length 0
|
|
|
|
04 1 octet EOT
|
|
xxxx 2 octets chunk number
|
|
00 1 octet length 0
|
|
|
|
|
|
frob
|
|
----
|
|
|
|
* srand(0)
|
|
* xor each octet with rand() % argv[1]
|
|
|
|
|
|
proto c
|
|
-------
|
|
|
|
all packets are xored with a per-session randomly-selected key
|
|
|
|
offs len description
|
|
---- ---- -----------
|
|
00 2 c0 0c
|
|
02 2 packet length
|
|
04 1 opcode
|
|
05 1 00
|
|
06 data
|
|
|
|
opcode desc data
|
|
------ ---- ---------
|
|
01 Hello hostname(cstring), 60 bytes random
|
|
02 NOP ∅
|
|
04 Text Alice in Wonderland
|
|
05 Image part# (2 octets) + data
|
|
|
|
|
|
proto d
|
|
-------
|
|
|
|
all packets are xored with a per-packet randomly-selected key
|
|
|
|
offs len description
|
|
---- ---- -----------
|
|
00 1 00
|
|
01 1 opcode
|
|
02 2 packet length
|
|
04 2 sequence number
|
|
06 data
|
|
|
|
opcode desc data
|
|
------ ---- ---------
|
|
01 Hello hostname(cstring), 60 bytes random
|
|
02 NOP ∅
|
|
04 Text Alice in Wonderland
|
|
05 Image data
|
|
|
|
|
|
proto e
|
|
-------
|
|
|
|
16-byte xor key, applied to entire packet
|
|
|
|
offs len description
|
|
---- ---- -----------
|
|
00 1 opcode
|
|
01 1 compression type (0=none, 1=gzip)
|
|
02 2 packet length
|
|
04 2 sequence number
|
|
06 data
|
|
|
|
opcode desc data
|
|
------ ---- ---------
|
|
01 Hello hostname(cstring), 60 bytes random
|
|
02 C2 interactive shell
|
|
04 fopen 1:mode (0=read, 1=write)
|
|
1:fd
|
|
n:path
|
|
05 write 1:fd
|
|
4:offset
|
|
n:data
|
|
06 fclose 1:fd
|
|
08 NOP ∅
|
|
|
|
|