| .. | ||
| flag | ||
| passwd | ||
| README.md | ||
Level 02
how to login
username: level02
password: f2av5il02puano7naaf6adaaf
Goal
run getflag as user flag02
Actually doing something
as always:
level02@SnowCrash:~$ ll
total 24
dr-x------ 1 level02 level02 120 Mar 5 2016 ./
d--x--x--x 1 root users 340 Aug 30 2015 ../
-r-x------ 1 level02 level02 220 Apr 3 2012 .bash_logout*
-r-x------ 1 level02 level02 3518 Aug 30 2015 .bashrc*
----r--r-- 1 flag02 level02 8302 Aug 30 2015 level02.pcap
-r-x------ 1 level02 level02 675 Apr 3 2012 .profile*
we have a new one !
lets try to find what this .pcap file is actually
level02@SnowCrash:~$ file level02.pcap
level02.pcap: tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 16777216)
seems like a job for wireshark !
What is wireshark ?
Wireshark is a program that allows the user to look at network (and a lot of other stuff) packets, with alot of information It can try to parse packets, show you information and is overhall VERY USERFULL to understand what is happening
Using Wireshark
We can load the capture file into wireshark, and then we get presented with a list of packets.
❯ nix run nixpkgs\#wireshark-cli -- -r ./level02.pcap
1 0.000000 59.233.235.218 → 59.233.235.223 TCP 74 39247 → 12121 [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM TSval=18592800 TSecr=0 WS=128
2 0.000128 59.233.235.223 → 59.233.235.218 TCP 74 12121 → 39247 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM TSval=46280417 TSecr=18592800 WS=32
3 0.000390 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=1 Ack=1 Win=14720 Len=0 TSval=18592800 TSecr=46280417
4 0.036008 59.233.235.223 → 59.233.235.218 TCP 69 12121 → 39247 [PSH, ACK] Seq=1 Ack=1 Win=14496 Len=3 TSval=46280426 TSecr=18592800
5 0.036255 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=1 Ack=4 Win=14720 Len=0 TSval=18592804 TSecr=46280426
6 0.036276 59.233.235.218 → 59.233.235.223 TCP 69 39247 → 12121 [PSH, ACK] Seq=1 Ack=4 Win=14720 Len=3 TSval=18592804 TSecr=46280426
7 0.036396 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=4 Ack=4 Win=14496 Len=0 TSval=46280426 TSecr=18592804
8 0.036581 59.233.235.223 → 59.233.235.218 TCP 84 12121 → 39247 [PSH, ACK] Seq=4 Ack=4 Win=14496 Len=18 TSval=46280426 TSecr=18592804
9 0.036698 59.233.235.218 → 59.233.235.223 TCP 84 39247 → 12121 [PSH, ACK] Seq=4 Ack=22 Win=14720 Len=18 TSval=18592804 TSecr=46280426
10 0.036859 59.233.235.223 → 59.233.235.218 TCP 90 12121 → 39247 [PSH, ACK] Seq=22 Ack=22 Win=14496 Len=24 TSval=46280426 TSecr=18592804
11 0.037039 59.233.235.218 → 59.233.235.223 TCP 133 39247 → 12121 [PSH, ACK] Seq=22 Ack=46 Win=14720 Len=67 TSval=18592804 TSecr=46280426
12 0.039170 59.233.235.223 → 59.233.235.218 TCP 84 12121 → 39247 [PSH, ACK] Seq=46 Ack=89 Win=14496 Len=18 TSval=46280427 TSecr=18592804
13 0.039392 59.233.235.218 → 59.233.235.223 TCP 140 39247 → 12121 [PSH, ACK] Seq=89 Ack=64 Win=14720 Len=74 TSval=18592804 TSecr=46280427
14 0.039704 59.233.235.223 → 59.233.235.218 TCP 73 12121 → 39247 [PSH, ACK] Seq=64 Ack=163 Win=14496 Len=7 TSval=46280427 TSecr=18592804
15 0.039842 59.233.235.218 → 59.233.235.223 TCP 73 39247 → 12121 [PSH, ACK] Seq=163 Ack=71 Win=14720 Len=7 TSval=18592804 TSecr=46280427
16 0.040138 59.233.235.223 → 59.233.235.218 TCP 81 12121 → 39247 [PSH, ACK] Seq=71 Ack=170 Win=14496 Len=15 TSval=46280427 TSecr=18592804
17 0.040277 59.233.235.218 → 59.233.235.223 TCP 75 39247 → 12121 [PSH, ACK] Seq=170 Ack=86 Win=14720 Len=9 TSval=18592804 TSecr=46280427
18 0.040450 59.233.235.223 → 59.233.235.218 TCP 107 12121 → 39247 [PSH, ACK] Seq=86 Ack=179 Win=14496 Len=41 TSval=46280427 TSecr=18592804
19 0.071743 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=179 Ack=127 Win=14720 Len=0 TSval=18592808 TSecr=46280427
20 0.071825 59.233.235.223 → 59.233.235.218 TCP 141 12121 → 39247 [PSH, ACK] Seq=127 Ack=179 Win=14496 Len=75 TSval=46280435 TSecr=18592808
21 0.071976 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=179 Ack=202 Win=14720 Len=0 TSval=18592808 TSecr=46280435
22 12.223886 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=179 Ack=202 Win=14720 Len=1 TSval=18594023 TSecr=46280435
23 12.229432 59.233.235.223 → 59.233.235.218 TCP 68 12121 → 39247 [PSH, ACK] Seq=202 Ack=180 Win=14496 Len=2 TSval=46283475 TSecr=18594023
24 12.229592 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=180 Ack=204 Win=14720 Len=0 TSval=18594023 TSecr=46283475
25 12.323890 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=180 Ack=204 Win=14720 Len=1 TSval=18594033 TSecr=46283475
26 12.329436 59.233.235.223 → 59.233.235.218 TCP 68 12121 → 39247 [PSH, ACK] Seq=204 Ack=181 Win=14496 Len=2 TSval=46283500 TSecr=18594033
27 12.329654 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=181 Ack=206 Win=14720 Len=0 TSval=18594033 TSecr=46283500
28 12.553547 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=181 Ack=206 Win=14720 Len=1 TSval=18594056 TSecr=46283500
29 12.561397 59.233.235.223 → 59.233.235.218 TCP 68 12121 → 39247 [PSH, ACK] Seq=206 Ack=182 Win=14496 Len=2 TSval=46283558 TSecr=18594056
30 12.561533 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=182 Ack=208 Win=14720 Len=0 TSval=18594056 TSecr=46283558
31 12.644167 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=182 Ack=208 Win=14720 Len=1 TSval=18594065 TSecr=46283558
32 12.649394 59.233.235.223 → 59.233.235.218 TCP 68 12121 → 39247 [PSH, ACK] Seq=208 Ack=183 Win=14496 Len=2 TSval=46283580 TSecr=18594065
33 12.649527 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=183 Ack=210 Win=14720 Len=0 TSval=18594065 TSecr=46283580
34 12.714079 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=183 Ack=210 Win=14720 Len=1 TSval=18594072 TSecr=46283580
35 12.721391 59.233.235.223 → 59.233.235.218 TCP 68 12121 → 39247 [PSH, ACK] Seq=210 Ack=184 Win=14496 Len=2 TSval=46283598 TSecr=18594072
36 12.721530 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=184 Ack=212 Win=14720 Len=0 TSval=18594072 TSecr=46283598
37 13.043928 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=184 Ack=212 Win=14720 Len=1 TSval=18594105 TSecr=46283598
38 13.049520 59.233.235.223 → 59.233.235.218 TCP 68 12121 → 39247 [PSH, ACK] Seq=212 Ack=185 Win=14496 Len=2 TSval=46283680 TSecr=18594105
39 13.049762 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=185 Ack=214 Win=14720 Len=0 TSval=18594105 TSecr=46283680
40 13.823856 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=185 Ack=214 Win=14720 Len=1 TSval=18594183 TSecr=46283680
41 13.827303 59.233.235.223 → 59.233.235.218 TCP 67 12121 → 39247 [PSH, ACK] Seq=214 Ack=186 Win=14496 Len=1 TSval=46283874 TSecr=18594183
42 13.827557 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=186 Ack=215 Win=14720 Len=0 TSval=18594183 TSecr=46283874
43 13.827653 59.233.235.223 → 59.233.235.218 TCP 79 12121 → 39247 [PSH, ACK] Seq=215 Ack=186 Win=14496 Len=13 TSval=46283874 TSecr=18594183
44 13.827763 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=186 Ack=228 Win=14720 Len=0 TSval=18594183 TSecr=46283874
45 22.095852 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=186 Ack=228 Win=14720 Len=1 TSval=18595010 TSecr=46283874
46 22.133398 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=187 Win=14496 Len=0 TSval=46285951 TSecr=18595010
47 22.985487 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=187 Ack=228 Win=14720 Len=1 TSval=18595099 TSecr=46285951
48 22.985568 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=188 Win=14496 Len=0 TSval=46286164 TSecr=18595099
49 23.605835 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=188 Ack=228 Win=14720 Len=1 TSval=18595161 TSecr=46286164
50 23.605906 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=189 Win=14496 Len=0 TSval=46286319 TSecr=18595161
51 24.076245 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=189 Ack=228 Win=14720 Len=1 TSval=18595208 TSecr=46286319
52 24.076322 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=190 Win=14496 Len=0 TSval=46286436 TSecr=18595208
53 24.306019 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=190 Ack=228 Win=14720 Len=1 TSval=18595231 TSecr=46286436
54 24.306080 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=191 Win=14496 Len=0 TSval=46286494 TSecr=18595231
55 24.535764 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=191 Ack=228 Win=14720 Len=1 TSval=18595254 TSecr=46286494
56 24.535825 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=192 Win=14496 Len=0 TSval=46286551 TSecr=18595254
57 24.675695 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=192 Ack=228 Win=14720 Len=1 TSval=18595268 TSecr=46286551
58 24.675752 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=193 Win=14496 Len=0 TSval=46286586 TSecr=18595268
59 25.016142 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=193 Ack=228 Win=14720 Len=1 TSval=18595302 TSecr=46286586
60 25.016217 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=194 Win=14496 Len=0 TSval=46286671 TSecr=18595302
61 26.596535 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=194 Ack=228 Win=14720 Len=1 TSval=18595460 TSecr=46286671
62 26.596615 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=195 Win=14496 Len=0 TSval=46287066 TSecr=18595460
63 26.966369 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=195 Ack=228 Win=14720 Len=1 TSval=18595497 TSecr=46287066
64 26.966450 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=196 Win=14496 Len=0 TSval=46287159 TSecr=18595497
65 27.336798 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=196 Ack=228 Win=14720 Len=1 TSval=18595534 TSecr=46287159
66 27.336848 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=197 Win=14496 Len=0 TSval=46287251 TSecr=18595534
67 28.106976 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=197 Ack=228 Win=14720 Len=1 TSval=18595611 TSecr=46287251
68 28.107054 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=198 Win=14496 Len=0 TSval=46287444 TSecr=18595611
69 28.306873 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=198 Ack=228 Win=14720 Len=1 TSval=18595631 TSecr=46287444
70 28.306942 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=199 Win=14496 Len=0 TSval=46287494 TSecr=18595631
71 29.996885 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=199 Ack=228 Win=14720 Len=1 TSval=18595800 TSecr=46287494
72 29.996963 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=200 Win=14496 Len=0 TSval=46287916 TSecr=18595800
73 31.307388 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=200 Ack=228 Win=14720 Len=1 TSval=18595931 TSecr=46287916
74 31.307470 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=201 Win=14496 Len=0 TSval=46288244 TSecr=18595931
75 31.747118 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=201 Ack=228 Win=14720 Len=1 TSval=18595975 TSecr=46288244
76 31.747176 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=202 Win=14496 Len=0 TSval=46288354 TSecr=18595975
77 32.367715 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=202 Ack=228 Win=14720 Len=1 TSval=18596037 TSecr=46288354
78 32.367798 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=203 Win=14496 Len=0 TSval=46288509 TSecr=18596037
79 32.537454 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=203 Ack=228 Win=14720 Len=1 TSval=18596054 TSecr=46288509
80 32.537506 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=204 Win=14496 Len=0 TSval=46288552 TSecr=18596054
81 32.807373 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=204 Ack=228 Win=14720 Len=1 TSval=18596081 TSecr=46288552
82 32.807426 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=205 Win=14496 Len=0 TSval=46288619 TSecr=18596081
83 32.837328 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=205 Ack=228 Win=14720 Len=1 TSval=18596084 TSecr=46288619
84 32.837382 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=206 Win=14496 Len=0 TSval=46288626 TSecr=18596084
85 33.697667 59.233.235.218 → 59.233.235.223 TCP 67 39247 → 12121 [PSH, ACK] Seq=206 Ack=228 Win=14720 Len=1 TSval=18596170 TSecr=46288626
86 33.697744 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [ACK] Seq=228 Ack=207 Win=14496 Len=0 TSval=46288842 TSecr=18596170
87 33.705420 59.233.235.223 → 59.233.235.218 TCP 69 12121 → 39247 [PSH, ACK] Seq=228 Ack=207 Win=14496 Len=3 TSval=46288844 TSecr=18596170
88 33.705616 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=207 Ack=231 Win=14720 Len=0 TSval=18596170 TSecr=46288844
89 36.462504 59.233.235.223 → 59.233.235.218 TCP 67 12121 → 39247 [PSH, ACK] Seq=231 Ack=207 Win=14496 Len=1 TSval=46289533 TSecr=18596170
90 36.462761 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=207 Ack=232 Win=14720 Len=0 TSval=18596446 TSecr=46289533
91 36.462858 59.233.235.223 → 59.233.235.218 TCP 101 12121 → 39247 [PSH, ACK] Seq=232 Ack=207 Win=14496 Len=35 TSval=46289533 TSecr=18596446
92 36.463013 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=207 Ack=267 Win=14720 Len=0 TSval=18596446 TSecr=46289533
93 42.109464 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [FIN, ACK] Seq=207 Ack=267 Win=14720 Len=0 TSval=18597011 TSecr=46289533
94 42.110028 59.233.235.223 → 59.233.235.218 TCP 66 12121 → 39247 [FIN, ACK] Seq=267 Ack=208 Win=14496 Len=0 TSval=46290945 TSecr=18597011
95 42.110236 59.233.235.218 → 59.233.235.223 TCP 66 39247 → 12121 [ACK] Seq=208 Ack=268 Win=14720 Len=0 TSval=18597011 TSecr=46290945
So yeah... Tcp is not a nice protocol to look at if you don't know anything
Looking at packets by hand in the gui, I can see some ASCII text
$'E@@A;;/YOtK
.(
Linux 2.6.38-8-generic-pae (::ffff:10.1.1.2) (pts/10)
wwwbugs login:
Wireshark as a way to see the "total" TCP converstation We could do it by hand, copying every "data" section and pasting it into a single file, but why do it when wireshare does it better
If we do that, we get an nicely formatted stuff
00000000 ff fd 25 ..%
00000000 ff fc 25 ..%
00000003 ff fb 26 ff fd 18 ff fd 20 ff fd 23 ff fd 27 ff ..&..... ..#..'.
00000013 fd 24 .$
00000003 ff fe 26 ff fb 18 ff fb 20 ff fb 23 ff fb 27 ff ..&..... ..#..'.
00000013 fc 24 .$
00000015 ff fa 20 01 ff f0 ff fa 23 01 ff f0 ff fa 27 01 .. ..... #.....'.
00000025 ff f0 ff fa 18 01 ff f0 ........
00000015 ff fa 20 00 33 38 34 30 30 2c 33 38 34 30 30 ff .. .3840 0,38400.
00000025 f0 ff fa 23 00 53 6f 64 61 43 61 6e 3a 30 ff f0 ...#.Sod aCan:0..
00000035 ff fa 27 00 00 44 49 53 50 4c 41 59 01 53 6f 64 ..'..DIS PLAY.Sod
00000045 61 43 61 6e 3a 30 ff f0 ff fa 18 00 78 74 65 72 aCan:0.. ....xter
00000055 6d ff f0 m..
0000002D ff fb 03 ff fd 01 ff fd 22 ff fd 1f ff fb 05 ff ........ ".......
0000003D fd 21 .!
00000058 ff fd 03 ff fc 01 ff fb 22 ff fa 22 03 01 00 00 ........ ".."....
00000068 03 62 03 04 02 0f 05 00 00 07 62 1c 08 02 04 09 .b...... ..b.....
00000078 42 1a 0a 02 7f 0b 02 15 0f 02 11 10 02 13 11 02 B....... ........
00000088 ff ff 12 02 ff ff ff f0 ff fb 1f ff fa 1f 00 b1 ........ ........
00000098 00 31 ff f0 ff fd 05 ff fb 21 .1...... .!
0000003F ff fa 22 01 03 ff f0 .."....
000000A2 ff fa 22 01 07 ff f0 .."....
00000046 ff fa 21 03 ff f0 ff fb 01 ff fd 00 ff fe 22 ..!..... ......"
000000A9 ff fd 01 ff fb 00 ff fc 22 ........ "
00000055 ff fa 22 03 03 e2 03 04 82 0f 07 e2 1c 08 82 04 .."..... ........
00000065 09 c2 1a 0a 82 7f 0b 82 15 0f 82 11 10 82 13 11 ........ ........
00000075 82 ff ff 12 82 ff ff ff f0 ........ .
0000007E 0d 0a 4c 69 6e 75 78 20 32 2e 36 2e 33 38 2d 38 ..Linux 2.6.38-8
0000008E 2d 67 65 6e 65 72 69 63 2d 70 61 65 20 28 3a 3a -generic -pae (::
0000009E 66 66 66 66 3a 31 30 2e 31 2e 31 2e 32 29 20 28 ffff:10. 1.1.2) (
000000AE 70 74 73 2f 31 30 29 0d 0a 0a 01 00 77 77 77 62 pts/10). ....wwwb
000000BE 75 67 73 20 6c 6f 67 69 6e 3a 20 ugs logi n:
000000B2 6c l
000000C9 00 6c .l
000000B3 65 e
000000CB 00 65 .e
000000B4 76 v
000000CD 00 76 .v
000000B5 65 e
000000CF 00 65 .e
000000B6 6c l
000000D1 00 6c .l
000000B7 58 X
000000D3 00 58 .X
000000B8 0d .
000000D5 01 .
000000D6 00 0d 0a 50 61 73 73 77 6f 72 64 3a 20 ...Passw ord:
000000B9 66 f
000000BA 74 t
000000BB 5f _
000000BC 77 w
000000BD 61 a
000000BE 6e n
000000BF 64 d
000000C0 72 r
000000C1 7f .
000000C2 7f .
000000C3 7f .
000000C4 4e N
000000C5 44 D
000000C6 52 R
000000C7 65 e
000000C8 6c l
000000C9 7f .
000000CA 4c L
000000CB 30 0
000000CC 4c L
000000CD 0d .
000000E3 00 0d 0a ...
000000E6 01 .
000000E7 00 0d 0a 4c 6f 67 69 6e 20 69 6e 63 6f 72 72 65 ...Login incorre
000000F7 63 74 0d 0a 77 77 77 62 75 67 73 20 6c 6f 67 69 ct..wwwb ugs logi
00000107 6e 3a 20 n:
This looks a bit annoying, but if we remove the hexdump stuff, and keep only the ascii (non ascii are represneted by . )characters, we get this
> ..%
< ..%
> ..&..... ..#..'..$
< ..&..... ..#..'..$
> .. .....#.....'.........
< .. .38400,38400....#.SodaCan:0....'..DISPLAY.SodaCan:0......xterm..
> ........"........!
< ........"..".....b........b.... B.
< ..............................1.......!
> .."....
< .."....
> ..!..........."
< ........"
> .."............. ..
> .....................
> Linux 2.6.38-8-generic-pae (::ffff:10.1.1.2) (pts/10)
> ..wwwbugs login:
< l
> .l
< e
> .e
< v
> .v
< e
> .e
< l
> .l
< X
> .X
> ..
> Password:
< ft_wandr...NDRel.L0L
> .
> ..
> Login incorrect
> wwwbugs login:
(Legend: < means client send this to the server and > means the server sent this to the client. any . may represent an non-ascii/non-character byte)
We see a nice Passowrd: sent by the server, with a nice response of ft_wandr...NDRel.L0L.
While looking at the hexdump, we can decipher what the . are truly representing
as a C string it looks like this "ft_wandr\x7f\x7f\x7fNDRel\x7fL0L"
a quick man ascii reveal that \x7f is the DEL character.
Assuming this means that mister Wandre failed to type is password, corrected it, and sent it, it would be
ft_waNDReL0L
level02@SnowCrash:~$ su flag02 -c getflag
Password:
Check flag.Here is your token : kooda2puivaav1idi4f57q8iq