This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hello can someone help me and give steps on finding the hacker in this pcap file?

https://drive.google.com/open?id=0B94k1Bz5s_fRWTBIdDZRQzhXM2s

asked 26 Sep '16, 06:52

pacbell86's gravatar image

pacbell86
2223
accept rate: 0%

edited 01 Oct '16, 04:44

Christian_R's gravatar image

Christian_R
1.8k2625


This should get you going...
The clue to this challenge is to find two files that were downloaded from the windows machine and to extract those from the pcap file.

http and ip.ttl==64

alt text

If you succeed to unzip myfile you see what the hacker's identity is

alt text

permanent link

answered 11 Oct '16, 00:08

mrEEde's gravatar image

mrEEde
3.9k152270
accept rate: 20%

edited 11 Oct '16, 22:14

The password is also findable in the pcap ;-)

permanent link

answered 17 Oct '16, 03:34

SynAck's gravatar image

SynAck
313
accept rate: 33%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×1,620
×63
×23
×14

question asked: 26 Sep '16, 06:52

question was seen: 2,395 times

last updated: 17 Oct '16, 03:34

p​o​w​e​r​e​d by O​S​Q​A