Forum Discussion
SuperSonic: Ep.6 – TEMPLE
- 8 months ago
yeah, these files are...
Anyway, use a filter to get only SMB traffic and then search through the pcap using Edit -> Find Packet.
You can use that to find strings within packets, and if you know the SMB header structure you should be able to spot logon information. From there you can follow up the traffic to see what's being done by each user and find out which sessions are bogus.
Hi schmitty, I have a reply to your query from the lab author regarding your original post, to say that extracting files from packet captures isn’t always reliable.
They have advised that you can find everything you need to complete the lab in the traffic, so don’t worry about extracting objects from the capture.
Once you find the control software, you should then have the IP of the attacker, which you can use to filter down SMB traffic to find the answer to the question you’re stuck on.
I hope that helps, and let us know if you need help with anything else!
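An added example, not written by anyone in this thread or by the lab author: a Python sketch of what "spotting logon information" in SMB session setup bytes looks like when the session uses NTLM authentication. It scans a raw payload for NTLMSSP AUTHENTICATE messages and returns the domain, user and workstation fields; the function names and the sample bytes are constructed for illustration.

```python
import struct

SIG = b"NTLMSSP\x00"            # signature that starts every NTLMSSP message
NEGOTIATE_UNICODE = 0x00000001  # flag bit: strings are UTF-16LE

def _field(msg, pos):
    """Read a (length, max length, offset) descriptor and return the bytes it points to."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field runs past end of captured bytes")
    return msg[offset:offset + length]

def find_logons(payload):
    """Return (domain, user, workstation) for each NTLMSSP AUTHENTICATE message found."""
    found, start = [], payload.find(SIG)
    while start != -1:
        msg = payload[start:]
        # Message type 3 is AUTHENTICATE; its fixed header is 64 bytes long.
        if len(msg) >= 64 and struct.unpack_from("<I", msg, 8)[0] == 3:
            flags = struct.unpack_from("<I", msg, 60)[0]
            # Assumption: non-Unicode (OEM) strings are decoded as latin-1 here.
            enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "latin-1"
            try:
                # Descriptors: DomainName at 28, UserName at 36, Workstation at 44.
                found.append(tuple(_field(msg, p).decode(enc, "replace")
                                   for p in (28, 36, 44)))
            except ValueError:
                pass  # truncated packet: skip rather than report partial data
        start = payload.find(SIG, start + len(SIG))
    return found

def build_sample(domain, user, host):
    """Constructed input: minimal AUTHENTICATE message with empty response fields."""
    body, fields, off = b"", b"", 64
    values = (b"", b"", domain.encode("utf-16-le"), user.encode("utf-16-le"),
              host.encode("utf-16-le"), b"")
    for value in values:
        fields += struct.pack("<HHI", len(value), len(value), off)
        body += value
        off += len(value)
    return SIG + struct.pack("<I", 3) + fields + struct.pack("<I", NEGOTIATE_UNICODE) + body

# Constructed payload: 64 filler bytes standing in for the SMB2 header, then the message.
SAMPLE = b"\xfeSMB" + b"\x00" * 60 + build_sample("LAB", "alice", "WS01")

if __name__ == "__main__":
    for domain, user, host in find_logons(SAMPLE):
        print(f"{domain}\\{user} from {host}")
```

Grouping these results by source IP gives the per-user, per-host view of sessions that the replies above describe.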