A new Spy Hunter Challenge has been posted over at My War with Entropy. Check it out here.
Filed under: Packet Challenge
A new Spy Hunter Challenge has been posted. http://blog.mywarwithentropy.com/2014/11/spy-hunter-holiday-challenge-2014.html
Filed under: Packet Challenge
Just a quick note that the brief for the original “THE SPY HUNTER” PACKET CHALLENGE was renamed to OperationFOOT.pdf when it was moved.
The Spy Hunter, Part III – Solution posted. http://t.co/HPInnFD
+++++ Investigators’ briefing – Operation CHASTISE ++++
Operation NEPTUNE, whilst yielding significant intelligence product, also represented a gross failing of Yellow Sun’s personnel security procedures. An agent of the Adversary (now known to be the Sinister Icy Black Hand Of Death, aka SIBHOD) was unwittingly employed as part of NEPTUNE’s plan to conduct offensive operations. Once the agent (known as Keith Starr, real name now known to be Kerry Nitpick) discovered the nature of his target he swiftly left Yellow Sun’s HQ either fearing exposing SIBHOD, or fearing SIBHOD’s harsh HR stance on errant staff…
The remainder of the mission brief and the pcap can be downloaded from Google Docs at the following URL:
The filenames are:
OperationCHASTISE.pdf
OperationCHASTISE.pcap
Send your answers to chris (dot) christianson (at) gmail (dot) com.
****************************
Disclaimer: All characters and organisations in this challenge are fictitious. Any resemblance to real or virtual persons, living or dead, is purely coincidental.
This challenge requires you to interact with a live website. There is no need to probe or otherwise attack the website. All necessary information has been provided in the challenge materials, and if the domain name doesn’t contain the string “nybblecomms”, you’re in the wrong place. Any hostile activity directed at the site may result in the challenge being taken offline.
******************************
The Spy Hunter, Part II – Solution posted. http://wirewatcher.wordpress.com/2011/08/14/the-spy-hunter-part-ii-solution/
Filed under: Packet Challenge, pcap | Tags: Packet Challenge, pcap, Spyhunter
The “The Spy Hunter 2” Packet Challenge saga continues. Go to Alec R Waters’ (@alecrwaters on Twitter) blog at wirewatcher.wordpress.com for the rest of the story. Results and solution will be posted soon.

+++++ Investigators’ briefing – Operation NEPTUNE +++++
In the wake of the Donald Burgess affair, Yellow Sun Heavy Industries finds itself in an uncomfortable situation. The top secret plans for Project ThatsNoMoon are in the hands of an unknown Adversary, and the traitorous Burgess has disappeared. Only by taking positive action of its own can Yellow Sun hope to salvage the situation…
So begins the next chapter of Alec R Waters’ Spy Hunter saga.
The remainder of the mission brief and the pcap can be downloaded from Google Docs at the following URL:
The filenames are:
Operation NEPTUNE.pdf
OperationNEPTUNE.pcap
Send your answers to chris (dot) christianson (at) gmail (dot) com.
****************************
Disclaimer: All characters in this challenge are fictitious. Any resemblance to real or virtual persons, living or dead, is purely coincidental.
At no point in this challenge should you attack any system. All tasks can be accomplished by performing simple analysis.
There is malware embedded.
******************************
Filed under: Packet Challenge, scapy | Tags: Checksum, Packet Challenge, scapy
Here’s a nifty solution to the “Check It Out” Packet Challenge by StalkR (@stalkr_ on Twitter) that uses Scapy:
StalkR writes:
Just seen the challenge and wanted to try 🙂
1) save the hexdump on the blog post into packet.txt
2) turn it back into a hex string
$ awk '$0!=""{print $0}' packet.txt | sed 's/ //g' | tr -d '\n' > packet.hex
3) run scapy
$ scapy
Welcome to Scapy (2.1.0)
4) load hex and decode
$ scapy
>>> p = open('packet.hex').read().decode('hex')
>>> p
'E\x00\x05\'\x00\x01@\x0[…]'
5) load it as an IP packet
>>> p = IP(p)
>>> p
<IP version=4L ihl=5L tos=0x0 len=1319 […] chksum=0x0
6) remove chksum to force calculation
>>> p.chksum = None
7a) force calculation of chksum either with show2()
>>> p.show2()
###[ IP ]###
[…]
chksum= 0xb27c
7b) or just turn packet into string and load it again:
>>> '0x%04x' % IP(str(p)).chksum
'0xb27c'
…
Hurray for scapy \o/
Chris continues:
Very cool use of scapy. What other tools could we use to solve this?
As always, if you’d like to submit a challenge to http://www.ismellpackets.com contact me at chris (dot) christianson (at) gmail (dot) com.
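One answer to the "what other tools" question in the checksum post above, as an added example that is not from StalkR or the original post: plain Python 3 that does what Scapy does when `chksum` is set to `None`, namely the RFC 1071 one's-complement sum over the IPv4 header with the checksum field zeroed. The hex dump is a constructed sample header, not the challenge packet, and all function names are illustrative.

```python
import struct

def hexdump_to_bytes(text):
    """Join a whitespace-separated hex dump (blank lines allowed) into raw bytes."""
    return bytes.fromhex("".join(text.split()))

def ones_complement_sum(data):
    """RFC 1071: add 16-bit big-endian words, folding carries into the low 16 bits."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def ipv4_header(packet):
    """Return only the IPv4 header, sized by the IHL field so options are included."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(packet):
        raise ValueError("bad IHL or truncated header")
    return packet[:ihl]

def compute_checksum(packet):
    """Checksum the header with bytes 10-11 (the checksum field) treated as zero."""
    hdr = ipv4_header(packet)
    return ~ones_complement_sum(hdr[:10] + b"\x00\x00" + hdr[12:]) & 0xFFFF

def checksum_ok(packet):
    """A header carrying a correct checksum sums to 0xFFFF."""
    return ones_complement_sum(ipv4_header(packet)) == 0xFFFF

# Constructed sample: a 20-byte IPv4 header whose checksum field is 0x0000,
# laid out like a pasted hex dump (spaces, line breaks, a blank line).
SAMPLE_DUMP = """
45 00 00 73 00 00 40 00
40 11 00 00 c0 a8 00 01

c0 a8 00 c7
"""

if __name__ == "__main__":
    pkt = hexdump_to_bytes(SAMPLE_DUMP)
    csum = compute_checksum(pkt)
    fixed = pkt[:10] + struct.pack("!H", csum) + pkt[12:]
    print("0x%04x" % csum, checksum_ok(pkt), checksum_ok(fixed))
```

Because only the header is summed, the payload bytes that follow it in a full packet dump do not affect the result.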