This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Identifying the hacker

0

Hello can someone help me and give steps on finding the hacker in this pcap file?

https://drive.google.com/open?id=0B94k1Bz5s_fRWTBIdDZRQzhXM2s

asked 26 Sep '16, 06:52

pacbell86's gravatar image

pacbell86
2223
accept rate: 0%

edited 01 Oct '16, 04:44

Christian_R's gravatar image

Christian_R
1.8k2625

2 Answers:

1

This should get you going...
The clue to this challenge is to find two files that were downloaded from the windows machine and to extract those from the pcap file.

http and ip.ttl==64

alt text

If you succeed to unzip myfile you see what the hacker's identity is

alt text

answered 11 Oct '16, 00:08

mrEEde's gravatar image

mrEEde
3.9k152270
accept rate: 20%

edited 11 Oct '16, 22:14

0

The password is also findable in the pcap ;-)

answered 17 Oct '16, 03:34

SynAck's gravatar image

SynAck
313
accept rate: 33%