HTTP Basic Auth (Let's Defend)
Challenge Write-up (Easy)

Lessons Learned:
Analyze HTTP traffic using Wireshark
The Challenge:
We receive a log indicating a possible attack. Can you gather information from the .pcap file?
- How many HTTP GET requests are in the pcap?
- Method: Filter the pcap using ‘http’ and count the number of “GET” requests.

- Answer: “5”
- What is the server operating system?
- Method: Follow the HTTP stream.

- Answer: “freebsd”
- What is the name and version of the web server software?
- Method:

- Answer: “Apache/2.2.15”
- What is the version of OpenSSL running on the server?
- Method: Follow the HTTP stream.

- Answer: “OpenSSL/0.9.8n”
- What is the client’s user-agent information?
- Method: Follow the HTTP stream.

- Answer: “Lynx/2.8.7rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.8n”
- What is the username used for Basic Authentication?
- Method: Inspect the last HTTP GET packet; the credentials used are shown under its HTTP header.

- Answer: “webadmin”
- What is the user password used for Basic Authentication?
- Method: Inspect the last HTTP GET packet; the credentials used are shown under its HTTP header.

- Answer: “W3b4Dm1n”
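
The last two answers are readable in the capture because HTTP Basic Auth only base64-encodes `username:password` in the `Authorization` header. The added example below (not part of the original write-up) does by script what Wireshark shows: it counts GET requests and decodes Basic credentials from raw request text. The two requests, the host `example.test` and the request line are constructed; the user-agent and credentials are the answers given above.

```python
import base64
import binascii


def parse_request(raw: str) -> dict:
    """Parse one raw HTTP request, as copied from a followed HTTP stream."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    return {"method": method, "target": target, "headers": headers}


def basic_credentials(headers: dict):
    """Return (username, password) from an Authorization: Basic header, else None."""
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None  # Bearer, Digest, or no Authorization header at all
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # malformed token
    user, sep, password = decoded.partition(":")  # only the first colon separates
    return (user, password) if sep else None


# Constructed sample requests (assumption: host and path are placeholders).
_UA = "Lynx/2.8.7rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.8n"
_token = base64.b64encode(b"webadmin:W3b4Dm1n").decode("ascii")
SAMPLE_STREAM = [
    f"GET / HTTP/1.0\r\nHost: example.test\r\nUser-Agent: {_UA}\r\n\r\n",
    f"GET / HTTP/1.0\r\nHost: example.test\r\nUser-Agent: {_UA}\r\n"
    f"Authorization: Basic {_token}\r\n\r\n",
]


def summarize(stream):
    """Return (number of GET requests, list of decoded Basic credentials)."""
    requests = [parse_request(r) for r in stream]
    gets = sum(1 for r in requests if r["method"] == "GET")
    creds = [c for c in (basic_credentials(r["headers"]) for r in requests) if c]
    return gets, creds


if __name__ == "__main__":
    print(summarize(SAMPLE_STREAM))
```

Because the decoding needs no key, anyone who can read the traffic recovers the password, which is why Basic Auth should only be sent over TLS.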