Watch Tower

CHALLENGE DESCRIPTION

Difficulty: VERY EASY

Our infrastructure monitoring system detected some abnormal behavior and initiated a network capture. We need to identify information the intruders collected and altered in the network.

The challenge provides a packet capture file, tower_logs.pcapng.

The bulk of the traffic is Modbus protocol traffic.

Reading straight through the stream of the Modbus TCP session reveals a recognizable header.

Extracting it is all that is needed:

┌──(randark㉿kali)-[~/tmp]
└─$ tshark -r tower_logs.pcapng -T fields -Y "(ip.src == 192.168.1.150) && (modbus.func_code == 16)" -e modbus.reference_num | awk '{for(i=1;i<=NF;i++) printf("%c", $i); print ""}' | tr -d "\n"
4LR0P3Un8F-HTB{3nc2yp710n?_n3v32_h342d_0f_7h47!@^}-r6ZJa0

This gives the answer:

HTB{3nc2yp710n?_n3v32_h342d_0f_7h47!@^}
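
The same extraction as the tshark filter above, carried out directly on raw Modbus/TCP bytes. This is an added example, not part of the original writeup. The helper names, the sample stream and its message are constructed for illustration, and because a raw stream has no IP addresses, requests are told apart from the echoing responses by PDU shape instead of by `ip.src`.

```python
import struct

def adu(tid, pdu, unit=1):
    """Wrap a PDU in an MBAP header (the length field counts unit id + PDU)."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def write_request(tid, addr, values):
    """Constructed Write Multiple Registers (function 16 / 0x10) request."""
    body = b"".join(struct.pack(">H", v) for v in values)
    return adu(tid, struct.pack(">BHHB", 0x10, addr, len(values), len(body)) + body)

def write_response(tid, addr, qty):
    """Constructed function 16 response: echoes the address, carries no data."""
    return adu(tid, struct.pack(">BHH", 0x10, addr, qty))

def iter_adus(stream):
    """Yield (function_code, pdu_data) for each Modbus/TCP ADU in a byte stream."""
    off = 0
    while off + 8 <= len(stream):
        _tid, proto, length, _unit = struct.unpack_from(">HHHB", stream, off)
        end = off + 6 + length
        if proto != 0 or length < 2 or end > len(stream):
            break  # not Modbus/TCP, or the capture is truncated
        yield stream[off + 7], stream[off + 8:end]
        off = end

def decode_reference_numbers(stream):
    """Map the reference number of every function 16 request to a character."""
    out = []
    for func, data in iter_adus(stream):
        if func != 0x10 or len(data) < 5:
            continue  # other function, exception (0x90), or 4-byte write response
        addr, qty, byte_count = struct.unpack_from(">HHB", data)
        if byte_count != 2 * qty or len(data) != 5 + byte_count:
            continue  # malformed request
        if 0x20 <= addr < 0x7F:  # keep printable ASCII only
            out.append(chr(addr))
    return "".join(out)

# Constructed sample: each request is followed by its response, then a
# Read Holding Registers request and an exception response as noise.
MESSAGE = "OK{demo}"
SAMPLE = b"".join(
    write_request(i, ord(c), [1]) + write_response(i, ord(c), 1)
    for i, c in enumerate(MESSAGE)
) + adu(99, struct.pack(">BHH", 0x03, 0, 2)) + adu(100, bytes([0x90, 0x02]))

if __name__ == "__main__":
    print(decode_reference_numbers(SAMPLE))
```

Dropping the request/response distinction would double every character, since a function 16 response repeats the starting address of the request it answers.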