FRA released a new security challenge today! It was great fun to solve. The challenge continues on the topic of evil shells. I've covered the specific case of web shells in Improving web shells. However, this time it's a Python shell using different data encoding and encryption tricks.
Since this challenge is still active, I'll hold off on the full write-up.
However, I will share an encrypted version of my solution, in case you've also solved it: pcap-challenge2020-1-solution.tar.gz.gpg (md5:
The password is the md5sum of the attack plans 😉
I use Pastebin for timestamping. The hash of my solution can be found on https://pastebin.com/PzcL0WTt
Please let me know if you know of a better service for timestamping files. This might be one of the few cases where a blockchain is actually useful.
Below is the full description of the challenge.
What is one of the network's clients up to? Understand the traffic and answer the questions.
Belongs to the position "Intelligence Analyst for the Cyber Defence" (Easter 2020).
(16821 bytes, sha256: e260730a555a30b8bd312c6f00be816353b22f72fdbfd0bdf19403727ae20212)