I Smell Packets


The Spy Hunter, Part III – Solution Posted
February 14, 2012, 4:20 pm
Filed under: Packet Challenge, pcap

The Spy Hunter, Part III – Solution posted. http://t.co/HPInnFD



“The Spy Hunter 3″ Packet Challenge
January 24, 2012, 3:40 pm
Filed under: Packet Challenge, pcap | Tags: ,

OperationCHASTISE

+++++ Investigators’ briefing – Operation CHASTISE ++++

Operation NEPTUNE, whilst yielding significant intelligence product, also represented a gross failing of Yellow Sun’s personnel security procedures. An agent of the Adversary (now known to be the Sinister Icy Black Hand Of Death, aka SIBHOD) was unwittingly employed as part of NEPTUNE’s plan to conduct offensive operations. Once the agent (known as Keith Starr, real name now known to be Kerry Nitpick) discovered the nature of his target he swiftly left Yellow Sun’s HQ either fearing exposing SIBHOD, or fearing SIBHOD’s harsh HR stance on errant staff…

The remainder of mission brief and the pcap can be downloaded from Google docs at the following URL:

http://bit.ly/xT7ZE3

The filenames are:

OperationCHASTISE.pdf

OperationCHASTISE.pcap

Send your answers to chris (dot) christianson (at) gmail (dot) com.

****************************

Disclaimer: All characters and organisations in this challenge are fictitious. Any resemblance to real or virtual persons, living or dead, is purely coincidental.

This challenge requires you to interact with a live website. There is no need to probe or otherwise attack the website. All necessary information has been provided in the challenge materials, and if the domain name doesn’t contain the string “nybblecomms”, you’re in the wrong place. Any hostile activity directed at the site may result in the challenge being taken offline.

******************************

Bookmark and Share



The Spy Hunter, Part II – Solution posted.
August 16, 2011, 7:09 am
Filed under: Packet Challenge | Tags: ,

The Spy Hunter, Part II – Solution posted. http://wirewatcher.wordpress.com/2011/08/14/the-spy-hunter-part-ii-solution/



“THE SPY HUNTER 2” PACKET CHALLENGE CONTINUES
August 13, 2011, 1:00 am
Filed under: Packet Challenge, pcap | Tags: , ,

The “The Spy Hunter 2″ Packet Challenge saga continues.  Go to Alec R Waters (@alecrwaters on twitter) blog at wirewatcher.wordpress.com for the rest of the story.  Results and Solution posted soon.



“The Spy Hunter 2″ Packet Challenge
July 13, 2011, 1:01 pm
Filed under: Packet Challenge, pcap | Tags: ,
Screen shot 2011 07 12 at 8 54 16 AM

+++++ Investigators’ briefing – Operation NEPTUNE +++++

In the wake of the Donald Burgess affair, Yellow Sun Heavy Industries finds itself in an uncomfortable situation. The top secret plans for Project ThatsNoMoon are in the hands of an unknown Adversary, and the traitorous Burgess has disappeared. Only by taking positive action of its own can Yellow Sun hope to salvage the situation…

So begins the next chapter of Alec R Waters’ Spy Hunter saga.

The remainder of mission brief and the pcap can be downloaded from Google docs at the following URL:

http://goo.gl/kUbWo

The filenames are:

Operation NEPTUNE.pdf

OperationNEPTUNE.pcap

Send your answers to chris (dot) christianson (at) gmail (dot) com.

****************************

Disclaimer: All characters in this challenge are fictitious. Any resemblance to real or virtual persons, living or dead, is purely coincidental.

At no point in this challenge should you attack any system. All tasks can be accomplished by performing simple analysis.

There is malware embedded.

******************************

Bookmark and Share



Files Moving
July 13, 2011, 1:01 pm
Filed under: Uncategorized | Tags:

Please note that files from all previous challenges have moved to the following url:

http://goo.gl/kUbWo

Bookmark and Share



Solution to the “Check It Out” Packet Challenge using Scapy
April 22, 2011, 1:03 am
Filed under: Packet Challenge, scapy | Tags: , ,

Here’s a nifty solution to the “Check It Out” Packet Challenge by StalkR (@stalkr_ on Twitter) that uses Scapy:

StalkR writes:

Just seen the challenge and wanted to try :)

1) save the hexdump on the blog post into packet.txt

2) turn it back into a hex string
$ awk ‘$0!=””{print $0}’ packet.txt |sed ‘s/ //g’ |tr -d ‘\n’ > packet.hex

3) run scapy
$ scapy
Welcome to Scapy (2.1.0)

4) load hex and decode
$ scapy
>>> p = open(‘packet.hex’).read().decode(‘hex’)
>>> p
‘E\x00\x05\’\x00\x01@\x0[...]‘

5) load it as an IP packet
>>> p = IP(p)
>>> p
<IP  version=4L ihl=5L tos=0x0 len=1319 [...] chksum=0x0

6) remove chksum to force calculation
>>> p.chksum = None

7a) force calculation of chksum either with show2()
>>> p.show2()
###[ IP ]###
[...]
chksum= 0xb27c

7b) or just turn packet into string and load it again:
>>> ‘0x%04x’ % IP(str(p)).chksum
‘0xb27c’

Hurray for scapy \o/

Chris continues:

Very cool use of scapy.  What other tools could we use to solve this?

As always, if you’d like to submit a challenge to http://www.ismellpackets.com contact me at chris (dot) christianson (at) gmail (dot) com.

Bookmark and Share

 




Follow

Get every new post delivered to your Inbox.