Forum Discussion

schmitty's avatar
schmitty
Icon for Bronze III rankBronze III
15 days ago

SuperSonic: Ep.6 – TEMPLE

I have Problems with the last two questions: In which file did the attacker find the credentials for the second account they accessed? I extracted the 14 files with SMB/Wireshark but i am not able ...
help & support
  • pbogu's avatar
    pbogu
    12 days ago

    yeah, these files are... 
    Anyway use filter to get only SMB traffic and then search through pcap using Edit -> Find Packet
    You can use that to find strings within packets and if you know SMB header structure you should be able to spot logon information. From there you can follow up the traffic to see what's being done by each user and find out which sessions are bogus.

KieranRowley's avatar
KieranRowley
Icon for Community Manager rankCommunity Manager
13 days ago

Hi schmitty I see there have been no replies on this one so far so I have forwarded your question to the lab author.