πΎ Archived View for airmack.de βΊ single βΊ 4abb9ece859f35c242547c24413532731d6a00cb50057d0c6de416b6c8β¦ captured on 2021-12-05 at 23:47:19. Gemini links have been rewritten to link to archived content
β¬ οΈ Previous capture (2021-11-30)
β‘οΈ Next capture (2021-12-17)
-=-=-=-=-=-=-
βββββββββββββββββββββββββββββββββββββββ βββββββββββββββββββββββββββββββββββββββ βββββββββββββββββββββββββββββββββββββββ
Aus der Kategorie Hacking
In the pcap included in this challenge we see icmp packages that are sent to 10.13.37.161. Only some packages receive a reply. An important fact is that the TTL changes and depending on the TTL a reply is send or not. It seems that a certain pattern of TTLs need to be send to retrieve the flag. The following code was used to brute force the repley:
#!/bin/bash counter="73" BREAKER=0 TIMEOUT=50 while [ $BREAKER -eq 0 ] ; do echo $counter for i in $(seq 63 125) do for j in $counter do fping -H $j 10.13.37.161 -t $TIMEOUT -c 1 > /dev/null done echo $i fping -H $i 10.13.37.161 $TIMEOUT -c 1 > /dev/null if [ $? -eq 0 ] then break fi if [ $i -eq 125 ] then $BREAKER=1 fi done done
The TTL of the package with a reply yields a range of ASCII character which can be finaly translated to INS{ttl_leak_is_trendy_this_year}
Project gemini erstellt am 13. Februar 2021
Eat Sleep PWN Repeat erstellt am 07. Dezember 2020
Breaking out of cisco anyconnect no local network restriction erstellt am 8. April 2018
Insomni Hack 2015(Lost In Memories) writeup erstellt am 23. Maerz 2014
ruCTF 2014(Pidometer) writeup erstellt am 21. Dezember 2014
CMake Matlab/Simulink crosscompiling erstellt am 02. September 2014