CodeBreaker2018 walkthrough, Task 0 Warm up
— 1 min read
![screen](/static/5760404e32f3cb827b0feb5e58c3899c/724ba/assignment.png)
This task is really simple, all you need to do is download the given capture file and analyze it with a tool such as tcpdump or WireShark
Let's use tcpdump.
![TrafficDump](/static/9ef06765cac359796c06ff972b5eaa01/9fe72/tcpdump.png)
The provided PCAP file contains a dump of a single conversation between two hosts; first one with IP address 10.47.114.22 and the second one with IP address 172.17.39.217. We also see that host 10.47.114.22 sends out the first packet and it has a higher port number than host 172.17.39.217. So we can assume that this is a typical client server design where Ransomware reaches out to the control host first. We therefore assume that the address of command server is 172.17.39.217
Let's try.
![Solved](/static/188f6d2eba38141aaa3be79ab70ec225/14e2f/task0-solved.png)
Yes, our assumption was correct.
Let’s continue to Task 2
Comments powered by Talkyard.