Shiba Insider

  1. What is the response message obtained from the PCAP file? (1 points)

    Answer: use your own password

  2. What is the password of the ZIP file? (1 points)

    The following is the packet header:

    Authorization: Basic ZmFrZWJsdWU6cmVkZm9yZXZlcg==
    

    Decoding the Base64 string with CyberChef gives the credentials in `username:password` form: `fakeblue:redforever`

    Answer: redforever

  3. Will more passwords be required? (1 points)

    Answer: No

  4. What is the name of a widely-used tool that can be used to obtain file information? (1 points)

    Answer: Exiftool

  5. What is the name and value of the interesting information obtained from the image file metadata? (1 points)

    sudo apt install libimage-exiftool-perl
    exiftool ./ssdog1.jpeg
    

    Answer: Technique.Steganography

  6. Based on the answer from the previous question, what tool needs to be used to retrieve the information hidden in the file? (1 points)

    Answer: Steghide

  7. Enter the ID retrieved. (1 points)

    sudo apt install steghide
    steghide extract -sf ./ssdog1.jpeg
    

    Answer: 0726ba878ea47de571777a

  8. What is the profile name of the attacker? (3 points)

    The question is referring to the BTLO profile, available at https://blueteamlabs.online/home/user/0726ba878ea47de571777a.

    Answer: bluetiger
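
The Basic-auth decoding from question 2 can also be scripted when a capture contains many requests. The following is an added example, not part of the original write-up: it pulls every `Authorization: Basic` header out of exported request text and splits each decoded value on the first colon. The function names, the `Host` value and the two extra header lines are constructed for illustration; only the first `Authorization` value comes from the page.

```python
import base64
import binascii
import re

# Constructed sample of exported request headers. Only the first
# Authorization value is from the write-up; the rest is made up
# to exercise the non-Basic and malformed cases.
SAMPLE_HEADERS = (
    "GET / HTTP/1.1\r\n"
    "Host: example.invalid\r\n"
    "Authorization: Basic ZmFrZWJsdWU6cmVkZm9yZXZlcg==\r\n"
    "Authorization: Bearer not-a-basic-token\r\n"
    "Authorization: Basic !!!not-base64!!!\r\n"
)

# Header names and the scheme token are case-insensitive in HTTP.
AUTH_RE = re.compile(r"^Authorization:[ \t]*Basic[ \t]+(\S+)[ \t]*\r?$", re.I | re.M)


def decode_basic(token):
    """Return (user, password) for one Basic token, or None if malformed."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        text = raw.decode("latin-1")  # older clients may not send UTF-8
    # The user-id cannot contain ':', so split on the first one only;
    # everything after it, colons included, is the password.
    user, sep, password = text.partition(":")
    if not sep:
        return None
    return user, password


def extract_basic_credentials(header_text):
    """Decode every well-formed Basic credential found in header_text."""
    found = []
    for match in AUTH_RE.finditer(header_text):
        creds = decode_basic(match.group(1))
        if creds is not None:
            found.append(creds)
    return found


if __name__ == "__main__":
    for user, password in extract_basic_credentials(SAMPLE_HEADERS):
        print(f"user={user!r} password={password!r}")
```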

