[Securityoverride.com] Forensics Level 3
The following is a Wireshark trace file of an SMTP authentication: forensics3.rar.
Find the username and password of the SMTP authentication and enter it below to receive credit.
The server IP is 192.168.0.1 and client IP is 192.168.0.3
Wireshark is a network protocol analyzer for Unix and Windows and can be downloaded here
To solve level 3, you need to learn a little about SMTP Authentication.
Right, after some research, let's get started:
9 0.430619 192.168.0.1 192.168.0.3 SMTP S: 334 VXNlcm5hbWU6
10 0.430619 192.168.0.3 192.168.0.1 SMTP C: QXVkaQ==
11 0.430619 192.168.0.1 192.168.0.3 SMTP S: 334 UGFzc3dvcmQ6
12 0.430619 192.168.0.3 192.168.0.1 SMTP C: MTIzNGFk
Let's try it :))
The takeaway is:
Extended SMTP (ESMTP), sometimes referred to as Enhanced SMTP, is a definition of protocol extensions to the Simple Mail Transfer Protocol standard. The extension format was defined in IETF publication RFC 1869 (1995) which established a general structure for all existing and future extensions.
The SMTP-AUTH extension provides an access control mechanism. It consists of an authentication step through which the client effectively logs in to the mail server during the process of sending mail.
The LOGIN authentication method only encodes the user's name and password with Base64; it does not encrypt them. Because decoding a Base64 string is trivial, anyone who can capture the traffic can read the credentials, so LOGIN is not considered a secure authentication method and should be avoided.
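The following Python script is an added example, not part of the original write-up. It reads the four packet summary lines listed above, pairs each server 334 challenge with the client reply that follows it, and Base64-decodes both sides. The function and variable names are illustrative.

```python
import base64
import re

# Packet summary lines copied from the capture listing on this page.
CAPTURE = """\
9 0.430619 192.168.0.1 192.168.0.3 SMTP S: 334 VXNlcm5hbWU6
10 0.430619 192.168.0.3 192.168.0.1 SMTP C: QXVkaQ==
11 0.430619 192.168.0.1 192.168.0.3 SMTP S: 334 UGFzc3dvcmQ6
12 0.430619 192.168.0.3 192.168.0.1 SMTP C: MTIzNGFk
"""

# Wireshark's Info column marks server lines "S:" and client lines "C:".
LINE_RE = re.compile(r"SMTP\s+(?P<side>[SC]):\s+(?P<payload>.*)$")


def b64_text(token):
    """Return the decoded text, or None if token is not valid Base64/UTF-8."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None


def extract_auth_login(summary):
    """Map each decoded 334 prompt (e.g. 'username') to the client's decoded reply."""
    found = {}
    pending = None  # decoded prompt still waiting for a client reply
    for line in summary.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        side, payload = m.group("side"), m.group("payload").strip()
        if side == "S":
            code, _, rest = payload.partition(" ")
            # Only a 334 reply carries a Base64 AUTH challenge.
            pending = b64_text(rest) if code == "334" else None
        elif pending is not None:
            value = b64_text(payload)
            if value is not None:
                found[pending.rstrip(":").lower()] = value
            pending = None
    return found


if __name__ == "__main__":
    for prompt, value in extract_auth_login(CAPTURE).items():
        print(f"{prompt}: {value}")
```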