HackTheBox: Forensics Challenge, MarketDump Walkthrough

Nouf
Apr 8, 2020

We have got informed that a hacker managed to get into our internal network after pivoting through the web platform that runs in public internet. He managed to bypass our small product stocks logging platform and then he got our customer database file. We believe that only one of our customers was targeted. Can you find out who the customer was?

Hello!

This is a very easy challenge!

I started by unzipping as usual, and a pcap file appeared! Wireshark is the first thing that will come to your mind, so let’s open it.

As the description stated, I filtered the output to be http.

X-sql seems interesting! Let’s go to the TCP stream and figure it out.

All of them are numbers except one. Bingo!

Another way to find the string is to use the command line. Just type

strings MarketDump.pcapng | less

and it will appear.

Go to the great CyberChef (https://gchq.github.io/CyberChef/) and use its Magic operation to decode it; the flag will appear as a result.
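The same two steps (spot the one value that is not a number, then work out how it is encoded) can also be scripted. This is an added example, not part of the original walkthrough: the `label,value` record layout, the list of candidate encodings and the sample lines are assumptions constructed for illustration, not data from the capture.

```python
import base64
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
RECORD = re.compile(r"^[^,]+,([^,\s]+)$")  # assumed record layout: label,value

def b58decode(s):
    """Decode Bitcoin-alphabet Base58; ValueError on a foreign character."""
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)
    pad = len(s) - len(s.lstrip("1"))  # each leading '1' encodes a zero byte
    return b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")

DECODERS = {  # candidate encodings chosen for this example (an assumption)
    "hex": bytes.fromhex,
    "base32": base64.b32decode,
    "base58": b58decode,
    "base64": lambda s: base64.b64decode(s, validate=True),
}

def try_decodings(value):
    """Return {encoding: text} for each decoder that yields printable ASCII."""
    hits = {}
    for name, decode in DECODERS.items():
        try:
            text = decode(value).decode("ascii")
        except ValueError:  # also covers binascii.Error and UnicodeDecodeError
            continue
        if text.isprintable() and text.strip():
            hits[name] = text
    return hits

def find_encoded(lines, min_len=8):
    """Return (value, hits) for non-numeric record values that decode cleanly."""
    found = []
    for line in lines:
        m = RECORD.match(line.strip())
        value = m.group(1) if m else ""
        if len(value) >= min_len and not value.isdigit():
            if hits := try_decodings(value):
                found.append((value, hits))
    return found

# Constructed sample standing in for `strings` output; not taken from the pcap.
SAMPLE = ["GET /list HTTP/1.1", "Accept: text/html,application/xhtml+xml",
          "rec-001,1048576", "rec-002,aGVsbG8gd29ybGQ=", "rec-003,7340032"]

if __name__ == "__main__":
    print(find_encoded(SAMPLE))
```

To run it against the capture, pass the lines produced by `strings MarketDump.pcapng` to `find_encoded` instead of `SAMPLE`. A value can decode cleanly under more than one encoding, so every hit is returned for the analyst to judge.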
