Description
A beneficiary has automated many tasks using SSH connections. Unfortunately, during a transition to key-based authentication, the password used by SSH clients was compromised, and they suspect that an attacker infiltrated their local network by interactively connecting to their server.
Find the attacker’s IP address in the captured network trace among all the usual SSH connections.
The flag consists of the SSH connection cookies exchanged between the attacker and the server in the following format: FCSC{cookie_ssh_client-cookie_ssh_server}.
A fixed addressing plan would have been useful, but Christmas is still a few months away…
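The cookies named in the flag format are the 16 random bytes that follow the SSH_MSG_KEXINIT message number in each side's key-exchange packet (RFC 4253), which is sent before encryption starts. The following Python is an added example, not part of the challenge: it extracts that cookie from one direction of a reassembled TCP stream. The helper names and the sample streams are constructed for illustration and do not come from the capture.

```python
import struct

SSH_MSG_KEXINIT = 20   # message number assigned in RFC 4253
MAX_PACKET = 35000     # total packet size every implementation must accept (RFC 4253, 6.1); sanity bound

def first_packet_offset(stream: bytes) -> int:
    """Offset just past the 'SSH-...' identification line."""
    pos = 0
    while (end := stream.find(b"\n", pos)) >= 0:
        if stream[pos:end].startswith(b"SSH-"):
            return end + 1
        pos = end + 1   # a server may send other lines before its identification string
    raise ValueError("no SSH identification line")

def kexinit_cookie(stream: bytes) -> bytes:
    """Return the 16-byte KEXINIT cookie from one direction of an SSH TCP stream."""
    pos = first_packet_offset(stream)
    while pos + 5 <= len(stream):
        packet_length, padding_length = struct.unpack_from(">IB", stream, pos)
        payload_len = packet_length - padding_length - 1
        if packet_length > MAX_PACKET or payload_len < 1:
            raise ValueError("not a cleartext SSH packet at offset %d" % pos)
        payload = stream[pos + 5 : pos + 5 + payload_len]
        if len(payload) != payload_len:
            raise ValueError("stream truncated inside a packet")
        if payload[0] == SSH_MSG_KEXINIT:
            if payload_len < 17:
                raise ValueError("KEXINIT too short to hold a cookie")
            return payload[1:17]
        pos += 4 + packet_length   # no MAC is appended before SSH_MSG_NEWKEYS
    raise ValueError("no SSH_MSG_KEXINIT found")

def frame_packet(payload: bytes) -> bytes:
    """Frame a payload as a cleartext binary packet (used only to build test data)."""
    pad = 8 - (5 + len(payload)) % 8
    if pad < 4:
        pad += 8
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + bytes(pad)

def build_kexinit(cookie: bytes) -> bytes:
    """Constructed KEXINIT: cookie, ten empty name-lists, boolean, reserved uint32."""
    return bytes([SSH_MSG_KEXINIT]) + cookie + bytes(40) + b"\x00" + bytes(4)

# Constructed sample streams, not taken from the challenge capture.
CLIENT_COOKIE = bytes(range(16))
SERVER_COOKIE = bytes(range(16, 32))
CLIENT_STREAM = b"SSH-2.0-ExampleClient_1.0\r\n" + frame_packet(build_kexinit(CLIENT_COOKIE))
SERVER_STREAM = b"welcome\r\nSSH-2.0-ExampleServer_1.0\r\n" + frame_packet(build_kexinit(SERVER_COOKIE))
```

Feed it the client-to-server and server-to-client byte streams of a single TCP connection, reassembled in order, to obtain the two cookies of that connection.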
Files
- ja4a4a4do0o0re-ssh.pcap (38.88 MiB – 5a88c3de56a5ec237d6d787f3b5fb657b7746c70eedd6e87cb8116378ad19381)
Author
