T3AM_VI3W3R
T3AM_VI3W3R
Proof of flag
DCTF{74a0f35841dfa7eddf5a87467c90da335132ae52c58ca440f31a53483cef7eac}
Summary of the vulnerabilities identified
Analysis on the VNC protocol.
Proof of solving
After firing up Wireshark and Loading the provided .pcapng, we filter for the VNC protocol. We follow the TCP stream of the first entry and we find out that it spells out words with doubled letters.
The stream can be saved for later processing in a .txt format. We get rid of the extra letters and dots and we end up with a message that says :
The standard chunk of Lorem Ipsum used since the 1500s is reproduced below for those interested Sections 11032 and 11033 from de Finibus Bonorum et Malorum by Cicero are also reproduced in their exact original form, accompanied by English versions from the 1914 translation by H Rackham
DCTF{74a0f35841dfa7eddf5a87467c90da335132ae52c58ca440f31a53483cef7eac}
Why do we use it?
It is a long established fact that a reader will be distracted by the readable content of a page when looking at its layout The point of using Lorem Ipsum is that it has a more-or-less normal distribution of letters, as opposed to using Content here, content here, making it look like readable English Many desktop publishing packages and web page editors now use Lorem Ipsum as their default model text, and a search for lorem ipsum will uncover many web sites still in their infancy Various versions have evolved over the years, sometimes by accident, sometimes on purpose (injected humour and the like)
Where does it come from?
Contrary to popular belief, Lorem Ipsum is not simply random text It has roots in a piece of classical Latin literature from 45 BC, making it over 2000 years old Richard McClintock, a Latin professor at Hampden-Sydney College in Virginia, looked up one of the more obscure Latin words, consectetur, from a Lorem Ipsum passage, and going through the cites of the word in classical literature, discovered the undoubtable source Lorem Ipsum comes from sections 11032 and 11033 of de Finibus Bonorum et Malorum (The Extremes of Good and Evil) by Cicero, written in 45 BC This book is a treatise on the theory of ethics, very popular during the Renaissance The first line of Lorem Ipsum, Lorem ipsum dolor sit amet, comes from a line in section 11032
The standard chunk of Lorem Ipsum used since the 1500s is reproduced below for those interested Sections 11032 and 11033 from de Finibus Bonorum et Malorum by Cicero are also reproduced in their exact original form, accompanied by English versions from the 1914 translation by H Rackham
Where can I get some?
There are many variations of passages of Lorem Ipsum available, but the majority have suffered alteration in some form, by injected humour, or randomised words which dont look even slightly believable If you are going to use a passage of Lorem Ipsum, you need to be sure there isnt anything embarrassing hidden in the middle of text All the Lorem Ipsum generators on the Internet tend to repeat predefined chunks as necessary, making this the first true generator on the Internet It uses a dictionary of over 200 Latin words, combined with a handful of model sentence structures, to generate Lorem
Ipsum which looks reasonable The generated Lorem Ipsum is therefore always free from repetition, injected humour, or non-characteristic words etc
A pplicat tions Plac es: @ wires hark đ Dec 7 19: 49
File Edit View Go Capture Analyze Statistics Telephone / Wireless Tools Help 5
_ - -
A 6 0110 7773 2 3 * * 1 × L
Apply a display filter <ctrl- > >
No. Tag Time Source Destination Protocol Length Info
17 709 1706. 469846 Inte 100r_99:d 0:ef Air net_ff :ff:00 WLCCP 74 U, fun Server c=UI; SNAP, ( OUI 0x00 4096 (C isco Sy
12 246 904.8 70989 192. 168.100.7 192 168.10 0.21 VNC 82 Server frameb uffer paramet ers[Mal formed Packet]
12 246 904.8 63292 192. 168.100.7 192 168.10 0.21 VNC 82 Server frameb uffer paramet ers[Mal formed Packet]
12 246 904.8 50102 192. 168.100.7 192 .168.10 0.21 VNC 82 Server frameb uffer paramet ers[Mal formed Packet]
12 246 904.8 38267 192. 168.100.7 192 .168.10 0.21 VNC 82 server frameb utter paramet ers[Mal formed Packet
12 246 904.8 17256 192. 168.100.7 192 168.10 0.21 VNC 82 Server frameb uffer paramet ers[Mal formed Packet ]
12 246 904.8 09256 192. 168.100.7 192 168.10 0.21 VNC 82 Server frameb uffer paramet ers[Mal formed Packet]
12 246 904.7 97980 192. 168.100.7 192 168.10 0.21 VNC 82 Server frameb uffer paramet ers[Mal formed Packet]
12 246 904.7 82853 192. 168.100.7 192 168.10 0.21 VNC 82 Server frameb uffer paramet ers[Mal formed Packet]
12 246 904.7 72643 192. 168.100.7 192 .168.10 0.21 VNC 82 Server frameb uffer paramet ers[Mal formed Packet]
12 246 904.7 62042 192. 168.100.7 192 .168.10 0.21 VNC 82 Server frameb uffer paramet ers[Mal formed Packet
12 240 904.7 01081 41427 192. 169 100.7 192 169 10 0.21 VNC 82 Server frameb uffer paramet ers[Mal formed Packet]
12 246 904.7 31090 192. 168.100.7 192 .168.10 0.21 VNC 82 Server frameb uffer paramet ers[Mal formed Packet]
12 246 904.7 20670 192. 168.100.7 192 168.10 0.21 VNC 82 Server frameb uffer paramet ers[Mal formed Packet]
12 246 904.7 10031 192. 168.100.7 192 168.10 0.21 VNC 82 Server frameb uffer paramet ers[Mal formed Packet]
12 246 904.6 99760 192. 168.100.7 192 168.10 0.21 VNC 82 Server frameb uffer naramet ers[Ma] formed Packet ]
► Transition Frances ► Vis ► [Minutes ansmis:rtual <mark>alform</mark> sion CoNetworked Pack ntrol FComput Protocol, Src Fort: 3354 0, Dst Port: 5900, Sieq: 57 675, Ack: 67 , Len: 16
0000 08 0 9 27 a 4 5b 63 3 64 06 6a fb d5 b9 08 8 00 4 5 00 ···'·[cod∙j · · · E ·
0010 00 4 64 1 4 32 21 5 83 0 9 40 00 4 17 00 9 40 06 C 1C 16 93 b7 C0 a8 64 ec 64 45 i 07 Ci i 23 8i 9 a8 9 18 d g dE#··
0030 01 f 6 a3 2 0 00 00 0 01 01 08 0a a6 ad 13 a8 0 9 14
0040 4a 3 C 04 0 1 00 00 00 00 00 0a 04 00 00 00 00 3 00 J<
0050 00 0 a
0 🗶 t3a am_vi3v v3r.pcapng Packets: 2 205969 (Displayed: 20)5969 (100.0%) Profile: Default
A oplicat ions Plac es wires hark đ Dec 7 19: 49
Wiresha rk∙Follow TCP Stream (to p.stream eq 413) - t3am n_vi3v /3r.pcapng
pc .v ( ····· C o t 0 n. n t t r · · · · · · · .a a r .r y ^
