MicroServices - 0_Intrusion

TamuCTF 2019 - Forensic (100 pts).

Challenge details

| Event | Challenge | Category | Points | Solves |
|---|---|---|---|---|
| TamuCTF 2019 | MicroServices - 0_Intrusion | Forensic | 100 | 803 |

Download: microservice.pcap - md5: 18d2c48f5d03d5faa5cb4473f9819b4b

Description

Welcome to MicroServices inc, where we do all things micro and service oriented! Recently we got an alert saying there was suspicious traffic on one of our web servers. Can you help us out?

  1. What is the IP Address of the attacker?


TL;DR

I used Wireshark to get the IP address with the most occurrences.

Methodology

For this flag I don’t have any real analysis; I just opened the PCAP file and looked at the different TCP conversations. The answer is the IP that sends the most data, and voila:

Fig 1: Malicious IP

Flag: 10.91.9.93

Flag

10.91.9.93

Maki