Forensic Challenge 11 - Dive Into Exploit

02 Aug 2012

Challenge 11 - Dive Into Exploit (provided by Georg Wicherski from Giraffe Chapter)

Skill Level: Advanced

  1. What vulnerability is being exploited in the given packet capture? Can you identify the exploit?
  2. How does the first stage load the second stage?
  3. Elaborate the cryptographic security (or absence thereof) of the second stage. How does it load the third stage?
  4. How does the third stage load the last stage? Please reconstruct the original last stage before being loaded.
  5. Where is the secret message located and what does it say?
  6. Please explain why an attacker might deliver his payload in this way.

Only submissions answering all six questions correctly will be considered. The most accurate submission wins. If there is no correct submission within two months of this challenge being posted, the challenge will be closed without a winner.

This work by Georg Wicherski is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.

The Winners
1. Ruud Schramp
1.5. Carl Pulley

Attachment Size
fc.pcap 198.37 KB
1340832859_HoneynetFC11_RSchramp_NFI.zip 3.24 MB
1341138564_carlpulley-challenge11.pdf 308.74 KB