This data is related to any attack.
calculate the md5sum of the intended file.
(calc md5 uppercase)
The provided binary is a PCAP file containing a bunch of HTTP traffic and some SMB chatter. The question mentions an attack. Since the capture is mostly HTTP, it made sense to start by listing all the requests. Two strange requests stand out:
GET /H1A1.html HTTP/1.1
GET /H1A1.exe HTTP/1.1
Carving out the "H1A1.exe" response (using Wireshark's "Follow TCP Stream" -> "Save As") and removing the HTTP response header, we end up with a regular PE file. Next, calculate its MD5 checksum and convert it to upper case.
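The carving step above can be scripted. This is an added example, not part of the original write-up. It assumes the stream was saved in Wireshark's raw format, strips the response header, trims the body to Content-Length, checks that the result is a PE file and returns the upper-case MD5. The function names and the sample bytes are constructed for illustration.

```python
import hashlib
import re
import struct

def carve_http_body(stream: bytes) -> bytes:
    """Return the body of the first HTTP response in a saved raw TCP stream."""
    # A status line starts the stream or follows a CRLF; the "HTTP/1.1" that
    # ends a request line is followed by CRLF, not a status code, so it is skipped.
    m = re.search(rb"(?:\A|\r\n)(HTTP/1\.[01] \d{3})", stream)
    if m is None:
        raise ValueError("no HTTP response found")
    end = stream.find(b"\r\n\r\n", m.start(1))
    if end < 0:
        raise ValueError("response header is not terminated")
    headers = {}
    for line in stream[m.start(1):end].split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    if b"chunked" in headers.get(b"transfer-encoding", b"").lower():
        raise ValueError("chunked body: de-chunk before hashing")
    body = stream[end + 4:]
    if b"content-length" in headers:
        # Drop anything after the body (e.g. the next keep-alive response).
        length = int(headers[b"content-length"])
        if len(body) < length:
            raise ValueError("truncated body")
        body = body[:length]
    return body

def looks_like_pe(data: bytes) -> bool:
    """Check the MZ magic and the PE signature that e_lfanew (0x3C) points to."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    return data[pe_off:pe_off + 4] == b"PE\x00\x00"

def md5_upper(data: bytes) -> str:
    return hashlib.md5(data).hexdigest().upper()

# Constructed sample: a minimal fake PE header, not the challenge binary.
FAKE_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x90" * 8
SAMPLE = (b"GET /H1A1.exe HTTP/1.1\r\nHost: example.test\r\n\r\n"
          b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
          + b"Content-Length: %d\r\n\r\n" % len(FAKE_PE) + FAKE_PE
          + b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n")

if __name__ == "__main__":
    payload = carve_http_body(SAMPLE)
    print(looks_like_pe(payload), md5_upper(payload))
```

Hashing the saved stream without removing the header, or with trailing keep-alive data still attached, yields a different digest, which is why the body is cut at Content-Length before hashing.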
The answer is:
7A5807A5144369965223903CB643C60E