Take It Down

forensics network FCSC 2019

★★

Description

A botnet has just been deactivated! Communications with the C&C are rerouted to a sinkhole, from which network captures are taken. Unfortunately, the person in charge of this operation did not manage to decode the communications. She did, however, succeed in setting up a honeypot that the botnet (which mostly targets Raspberry Pi devices exposed on the Internet) connects to over SSH with the default password.

Your task is to find and decode the data in the network capture, using the client script client.py, in order to identify the victim.

Note: This challenge has been made for the finale of FCSC 2019.

Files

  • client.py
    4.14 KiB – be984312cdfe18adf366ef0f90ed95c531b32d9fdb2bb242ac8d2227c9367620
  • sinkhole_capture.pcap
    599.41 KiB – 8b02ee26c96e43d6c48fc4f7c5093b183b0a3d43581ce9e3b0a011d9597498dd

Author

alx
