🚩
Anthony Morell's Gitbook
Capture The Flag
CertificationsCapture The FlagBug BountiesHome
Capture The Flag
CertificationsCapture The FlagBug BountiesHome
  • 🖥️CTF Writeups
  • 🟦TryHackMe
    • THM Overview
      • Reverse Engineering
      • Game Server
      • Obscure Web Vulns
      • UltraTech
      • Linux Privilege Escalation
      • The Marketplace
      • RootMe
      • Agent Sudo
      • Startup
      • Lian_Yu
      • Advent of Cyber 2022
        • [Day 1] Frameworks
        • [Day 2] Log Analysis
        • [Day 3] OSINT
        • [Day 4] Scanning
        • [Day 5] Brute-Forcing
        • [Day 6] Email Analysis
        • [Day 7] CyberChef
        • [Day 8] Smart Contracts
        • [Day 9] Pivoting
        • [Day 10] Hack a game
        • [Day 11] Memory Forensics
        • [Day 12] Malware Analysis
        • [Day 13] Packet Analysis
        • [Day 14] Web Applications
        • [Day 15] Secure Coding
        • [Day 16] Secure Coding
        • [Day 17] Secure Coding
        • [Day 18] Sigma
        • [Day 19] Hardware Hacking
        • [Day 20] Firmware
        • [Day 21] MQTT
        • [Day 22] Attack Surface Reduction
        • [Day 23] Defence in Depth
        • [Day 24] The End
  • 🟫PentesterLab
    • PL Overview
      • Recon Badge
        • Badge Solutions
  • 🟩Hack The Box
    • HTB Overview
      • HTB Post
  • 🟧BurpSuite Academy
    • BSA Overview
      • GraphQL API vulnerabilities
        • Accessing private GraphQL posts
        • Accidental exposure of private GraphQL fields
        • Finding a hidden GraphQL endpoint
  • 🏁Competitions
    • Competition Overview
      • GM Bug Bounty Competition
Powered by GitBook
On this page
  1. TryHackMe
  2. THM Overview
  3. Advent of Cyber 2022

[Day 13] Packet Analysis

December 13, 2022

Today I got to use Wireshark to investigate network traffic that shows malware activity.

Flags

What is the "Percent Packets" value of the "Hypertext Transfer Protocol"?

0.3

Which port number has received more than 1000 packets?

3389

What is the service name of the used protocol that received more than 1000 packets?

rdp

What are the domain names? Enter the domains in alphabetical order and defanged format.

bestfestivalcompany[.]thm,cdn[.]bandityeti[.]thm

What are the names of the requested files? Enter the names in alphabetical order and in defanged format.

favicon[.]ico,mysterygift[.]exe

Which IP address downloaded the executable file? Enter your answer in defanged format.

10[.]10[.]29[.]186

Which domain address hosts the malicious file? Enter your answer in defanged format.

cdn[.]bandityeti[.]thm

What is the "user-agent" value used to download the non-executable file?

Nim httpclient/1.6.8

What is the sha256 hash value of the executable file?

0ce160a54d10f8e81448d0360af5c2948ff6a4dbb493fe4be756fc3e2c3f900f

What are the connected IP addresses? Enter the IP addressed defanged and in numerical order.

20[.]99[.]133[.]109,20[.]99[.]184[.]37,23[.]216[.]147[.]76

Previous[Day 12] Malware AnalysisNext[Day 14] Web Applications

Last updated 2 years ago

🟦
  • Flags
  • What is the "Percent Packets" value of the "Hypertext Transfer Protocol"?
  • Which port number has received more than 1000 packets?
  • What is the service name of the used protocol that received more than 1000 packets?
  • What are the domain names? Enter the domains in alphabetical order and defanged format.
  • What are the names of the requested files? Enter the names in alphabetical order and in defanged format.
  • Which IP address downloaded the executable file? Enter your answer in defanged format.
  • Which domain address hosts the malicious file? Enter your answer in defanged format.
  • What is the "user-agent" value used to download the non-executable file?
  • What is the sha256 hash value of the executable file?
  • What are the connected IP addresses? Enter the IP addressed defanged and in numerical order.