22 June 2011

[Securityoverride.com] Forensics Level 3

Level 3

The following is a Wireshark trace file of an SMTP authentication forensics3.rar.
Find the username and password of the SMTP authentication and enter it below to receive credit.

The server IP is and client IP is
Wireshark is a network protocol analyzer for Unix and Windows and can be downloaded here

To solve level 3, you first need to learn a little about SMTP Authentication.

Right, with that research done, let's get started.

9    0.430619    SMTP    S: 334 VXNlcm5hbWU6
10    0.430619    SMTP    C: QXVkaQ==
11    0.430619    SMTP    S: 334 UGFzc3dvcmQ6
12    0.430619    SMTP    C: MTIzNGFk

Let's give it a try :))
The takeaway is:

Extended SMTP (ESMTP), sometimes referred to as Enhanced SMTP, is a definition of protocol extensions to the Simple Mail Transfer Protocol standard. The extension format was defined in IETF publication RFC 1869 (1995) which established a general structure for all existing and future extensions.

The SMTP-AUTH extension provides an access control mechanism. It consists of an authentication step through which the client effectively logs in to the mail server during the process of sending mail.

The LOGIN authentication method does not encrypt the user's name and password; it only encodes them with the Base64 encoding scheme. Because decoding a Base64 string is trivial, LOGIN is not considered a secure authentication method and should be avoided.
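To show why LOGIN offers no confidentiality, here is an added example (not part of the original post) that pairs each server `334` prompt in the trace lines above with the client reply that follows it and decodes both. The function names and the regular expression for Wireshark's summary-line layout are assumptions made for this illustration.

```python
import base64
import re

# The four summary lines from the trace above (frame, time, protocol, info).
TRACE = """\
9    0.430619    SMTP    S: 334 VXNlcm5hbWU6
10    0.430619    SMTP    C: QXVkaQ==
11    0.430619    SMTP    S: 334 UGFzc3dvcmQ6
12    0.430619    SMTP    C: MTIzNGFk
"""

# Assumed layout of a summary line: frame number, timestamp, "SMTP", side, payload.
LINE = re.compile(r"^\s*(\d+)\s+\S+\s+SMTP\s+([SC]):\s+(.*?)\s*$")

def b64_text(token):
    """Decode a Base64 token to text, or return None if it is not valid Base64."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None

def decode_auth_login(trace):
    """Pair each server '334 <prompt>' with the next client line and decode both."""
    pairs, pending = [], None
    for raw in trace.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        frame, side, info = int(m.group(1)), m.group(2), m.group(3)
        if side == "S":
            parts = info.split(None, 1)
            # A 334 reply carries the Base64-encoded prompt for the next client line.
            is_prompt = len(parts) == 2 and parts[0] == "334"
            pending = b64_text(parts[1]) if is_prompt else None
        elif pending is not None:
            # "*" is how a client cancels the exchange; it is not a credential.
            value = None if info == "*" else b64_text(info)
            pairs.append((frame, pending.rstrip(":").lower(), value))
            pending = None
    return pairs

if __name__ == "__main__":
    for frame, field, value in decode_auth_login(TRACE):
        print(f"frame {frame}: {field} sent in recoverable form: {value!r}")
```

No key or secret is needed at any point, which is why anyone who can read the capture can read the credentials.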


