TLS Fundamentals: Ep.8 – Final Challenge
TLS Fundamentals: Ep.8 – Final Challenge the 15th question Connect to the localhost using the answer from the previous task as the port. What is the six character token value embedded in the ticket name? The hint is : Hint Look at the session ticket data. The token is a random six character string that is prefixed with "TOKEN=". the answer from the previous task as the port is 64321, but no token with prefix "TOKEN=" I doubt there is no correct answer, looking forward your feedback. iml-user@secure-ops-wireshark-with-nginx:~$ openssl s_client -connect localhost:64321 CONNECTED(00000003) Can't use SSL_get_servername depth=2 O = TLS Fundamentals, CN = TLS Fundamentals Root CA verify error:num=19:self-signed certificate in certificate chain verify return:1 depth=2 O = TLS Fundamentals, CN = TLS Fundamentals Root CA verify return:1 depth=1 O = TLS Fundamentals, CN = TLS Fundamentals Intermediate CA verify return:1 depth=0 CN = admin.immersive.local verify return:1 --- Certificate chain 0 s:CN = admin.immersive.local i:O = TLS Fundamentals, CN = TLS Fundamentals Intermediate CA a:PKEY: rsaEncryption, 2048 (bit); sigalg: ecdsa-with-SHA256 v:NotBefore: Dec 5 12:16:11 2025 GMT; NotAfter: Dec 6 12:16:11 2025 GMT 1 s:O = TLS Fundamentals, CN = TLS Fundamentals Intermediate CA i:O = TLS Fundamentals, CN = TLS Fundamentals Root CA a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA256 v:NotBefore: Dec 5 12:16:10 2025 GMT; NotAfter: Dec 3 12:16:10 2035 GMT 2 s:O = TLS Fundamentals, CN = TLS Fundamentals Root CA i:O = TLS Fundamentals, CN = TLS Fundamentals Root CA a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA256 v:NotBefore: Dec 5 12:16:09 2025 GMT; NotAfter: Dec 3 12:16:09 2035 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIICwzCCAmqgAwIBAgIQMMvZLi8quT3QmIsn4NgfcDAKBggqhkjOPQQDAjBGMRkw FwYDVQQKExBUTFMgRnVuZGFtZW50YWxzMSkwJwYDVQQDEyBUTFMgRnVuZGFtZW50 YWxzIEludGVybWVkaWF0ZSBDQTAeFw0yNTEyMDUxMjE2MTFaFw0yNTEyMDYxMjE2 MTFaMCAxHjAcBgNVBAMTFWFkbWluLmltbWVyc2l2ZS5sb2NhbDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBANZ3bl6LliwxKY10jKAMcpBEb/GqrQJugR3+ sUD7JarTRNYKPG3rGuDbDabVytl8Oc8/VnTQuzulPyPeFSufsxki+3WgrFGBcK+5 mxoQrR7zAl0p4l+jzR6uSxnh5vSoMaPpnlIGqW6Ipw5SR5SGTyp4jSh/xwbxDY4U 8vKeIu1fvgAADRDrZ4XzUAlNGw6nTBdEj/TV03cbE7RDJwrsahi/w9pDi3vkeQCW ftD/ZMV7vLFrl5MkeFmKV2guI8+HBUXRt9fx6ilu5016Atzl5VMGDOOkufXNnZGq Sh3J2PCcR5uheFFllk9dkgwfqdNevqBgzL5VZUyxKzbv3tY/86ECAwEAAaOBlDCB kTAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC MB0GA1UdDgQWBBRhm48B5yPrTvgjlo5f5bJPihOJ4TAfBgNVHSMEGDAWgBTVISkB T81TtwfzgFQI18fLxUMLIDAgBgNVHREEGTAXghVhZG1pbi5pbW1lcnNpdmUubG9j YWwwCgYIKoZIzj0EAwIDRwAwRAIgOf6y/oGxlmuKuLrGMzIjq+y2OgqVXThzXr2d x/CHgMICIFJhSxJSPeSIyobZKC0QmB+057ns1NI27oOMuR1fjax7 -----END CERTIFICATE----- subject=CN = admin.immersive.local issuer=O = TLS Fundamentals, CN = TLS Fundamentals Intermediate CA --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 2219 bytes and written 373 bytes Verification error: self-signed certificate in certificate chain --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 19 (self-signed certificate in certificate chain) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: DF37EF25B8F57F8A61A64BE228EC58AC2B113B991479961CBDAFC029B9482892 Session-ID-ctx: Resumption PSK: E230CD3D18A2BB48A51A7C04EE16FDAF79EFBEEA3D8605B70FFC0DEB68098CF355060AF8DF360EACFBC480C5B3AFE462 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 4a ac bb b1 83 bd fc b7-ed 94 ea db b1 10 60 48 J.............`H 0010 - 82 38 28 98 95 e3 7b 18-6f e7 0c c8 54 ef 3d 1f .8(...{.o...T.=. 0020 - b9 2c aa b2 b2 57 d8 5e-4e aa e9 75 c0 68 7c ce .,...W.^N..u.h|. 0030 - 00 c6 85 ae 2c 96 26 44-54 88 a1 d1 b0 58 a9 d3 ....,.&DT....X.. 0040 - 88 1c 2a d8 85 a3 f1 a2-09 a8 33 9e 1f b1 db af ..*.......3..... 0050 - 84 f9 92 b3 78 2c 17 7e-11 87 12 1c 49 81 e1 2d ....x,.~....I..- 0060 - 08 79 00 e8 9d bf 7e fb-10 41 ec 93 c1 5e 30 a4 .y....~..A...^0. 0070 - 61 92 2a 79 a2 09 2d 66-97 f8 d9 fa bb b3 c8 a2 a.*y..-f........ 0080 - d3 e3 ab bd 45 36 68 00-11 98 0e 68 ea 1e 52 ee ....E6h....h..R. 0090 - 08 7b 2b aa 80 42 31 b0-ec 9b 51 ae b1 ca cf ee .{+..B1...Q..... 00a0 - d8 bd c5 31 dd b9 22 c3-8a 0b 76 c3 a6 ca 50 e2 ...1.."...v...P. 00b0 - 2a 85 f8 9e 68 0b 13 cb-bf 92 c7 0e 4f ad 49 ab *...h.......O.I. 00c0 - c5 57 20 55 c5 47 6a b1-34 f1 1d 19 c3 5f 6f dd .W U.Gj.4...._o. 00d0 - c8 38 01 7c 62 11 74 ef-f1 17 15 6d a7 7a 7c d5 .8.|b.t....m.z|. Start Time: 1764942947 Timeout : 7200 (sec) Verify return code: 19 (self-signed certificate in certificate chain) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 6D76BD7F89AB457ACE03494B528103EF5A71D03E1434867610C4751172D68E4A Session-ID-ctx: Resumption PSK: 0CDCF4F49EB91C1A74B76442B31D70C8976BD6EA6ECD52B47BC84A10EE151BD8EFA32134A678784FB138B0AAB2F4DB21 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 4a ac bb b1 83 bd fc b7-ed 94 ea db b1 10 60 48 J.............`H 0010 - c6 a4 ef 5d c9 62 7a 08-15 66 b9 8c 24 1e f3 17 ...].bz..f..$... 0020 - b1 1f 84 10 60 b0 fb c7-2b 03 1d 79 2e 97 ca 52 ....`...+..y...R 0030 - 14 5c d8 aa 8b 3a ae 37-93 c0 73 dd c5 b7 7f f0 .\...:.7..s..... 0040 - 2a 1f 6a 14 25 8b d3 ed-3c 60 33 fb 11 64 05 26 *.j.%...<`3..d.& 0050 - b3 9f 9c 8f 64 23 ca b5-5a 13 c5 d2 22 5f 92 b6 ....d#..Z..."_.. 0060 - fd 40 9e b4 f0 5e 42 40-79 d5 18 c6 ba 6a 0e fe .@...^B@y....j.. 0070 - 7b 38 c5 9b 87 e9 b1 1b-e8 5d 98 7c a4 51 a6 9c {8.......].|.Q.. 0080 - d5 4a 75 40 22 b6 62 4f-00 b2 54 30 a1 3f 8d b8 .Ju@".bO..T0.?.. 0090 - 07 c2 6b 67 64 d2 c3 2d-e1 d1 ae 70 e3 0d 2b 54 ..kgd..-...p..+T 00a0 - f2 5f 4c 96 25 2c 77 43-1d a4 e8 67 0b 1e d0 10 ._L.%,wC...g.... 00b0 - 9f 40 cb 85 52 01 47 9d-07 0d c7 3c 7d 13 64 2f .@..R.G....<}.d/ 00c0 - ee 13 36 6e 7c 0b d7 16-d0 e6 94 ef f8 99 9e 16 ..6n|........... 00d0 - 95 c3 21 8a 3c af f4 4b-09 2d 14 a0 3d 22 58 db ..!.<..K.-..="X. Start Time: 1764942947 Timeout : 7200 (sec) Verify return code: 19 (self-signed certificate in certificate chain) Extended master secret: no Max Early Data: 0 --- read R BLOCK
IoT & Embedded Devices: Certificate Underpinning
I am also stuck on Step 5 and having trouble with the trigger. I have self-signed certs, an HTTP server listening on 443 (bound to 0.0.0.0) as well as a sniffer for anything coming from the target. I have tried to trigger the target to connect using: for i in {1..5}; do echo '{"Update":"1","ClientId":"AXG1337VFXL","Server Ip":"<KALI_IP>"}' | nc -u <TARGET_IP> 8080; sleep 2; done Can anyone point me in the right direction?
PowerShell Deobfuscation: Ep.10
I’ve been struggling with this script and I reached the point of VyN and key, but when I try to run it, I get an error as if the VyN function was not defined. But I don’t know how to define it Can anyone guide me on how to skip over this or how to solve this in CyberChef ?
Trick or Treat on Specter Street: Ghost of the SOC
Hi there, Am I right as obvious that it may seem that for me to login to Kibana, I need to access this through the Elastic IP address that I have entered in my browser? If so I'm getting the error message on my screenshot. I tried this a few days ago as well and the problem persisted then as well.Windows Sysinternals: ProcDump
Hi there, I'm a little stuck on Q9 and would greatly appreciate some help :-) I'm practically at the last stage, but stuck as to what sekurlsa module to use to analyse my .dmp file, to which I then know that I need to then enter the module sekurlsa:logonpasswords, but the step before that is getting me a little confused.
