2017 05 08 Whitehat Challenge 03 For001 Forensics

Mark Koskei

May 08, 2017

WhiteHat Challenge 03 - For001 - Forensics

This piece of data is captured via USB port, look for the flag transferred through it.

You can use Wireshark to read the file pcapng. Download file pcap here: http://material.wargame.whitehat.vn/challenges/3/For001_61fb3e6d8aa22c75362af02e798331bbf5b73a4b.zip Submit WhiteHat{sha1(flag)} Example: flag = Hello World sha1(“Hello World”) = 0a4d55a8d778e5022fab701977c5d840bbc486d0 submit: WhiteHat{0a4d55a8d778e5022fab701977c5d840bbc486d0} (all hash characters in lowercase)

Extracting the zip file gives us a network packet capture usbtraffic.pcapng.

Binwalk returns a text file containing the string “Life is short, Smile while you still have teeth !”.

$ binwalk -e usbtraffic.pcapng>

Generating the hash returns the flag.

$ echo -n "Life is short, Smile while you still have teeth !". | shasum

Flag: WhiteHat{3244495470c50733ac0d93b7b4f8c6d12eaba65c}