Forum Discussion

Bronze III

9 months ago

Solved

SuperSonic: Ep.6 – TEMPLE

I have Problems with the last two questions: In which file did the attacker find the credentials for the second account they accessed? I extracted the 14 files with SMB/Wireshark but i am not able ...

help & support

pbogu
9 months ago
yeah, these files are...
Anyway use filter to get only SMB traffic and then search through pcap using Edit -> Find Packet
You can use that to find strings within packets and if you know SMB header structure you should be able to spot logon information. From there you can follow up the traffic to see what's being done by each user and find out which sessions are bogus.

netcat

Silver III

9 months ago

Do this:
- Identify the compromised SMB accounts. -> 50% of the last question, and almost 50% of the other question, by digging deeper in the packets (The installed WireShark does not export the file). And with the file, you have the account, too.

Forum Discussion

SuperSonic: Ep.6 – TEMPLE

Featured Places

Help & Support Forum

Related Content

Cross-Site Scripting: Ep.6 – Further Exploitation

PoshC2: Ep.6 – Demonstrate Your Skills

Linux Stack Overflow Ep.6

Windows Hardening: Ep.6 – Pivoting

Confusion on Cyber Fundamentals Linux CLI ep.16 question 6

Recent Discussions

A Letter to Santa

GuardDuty: Demonstrate Your Skills

Hack Your First Web App: Ep.6 - Hydra

Foundational Static Analysis: API Analysis step 10

AI: Plugin Injection - Demonstrate Your Skills