80 http

I saw that the website has url like shown below:

http://$cap/data/2

Looks like 2 refers to something. Let's check if we can see other user data by changing value.

wfuzz -c -w /usr/share/wordlists/dirb/common.txt -u http://$cap/data/FUZZ --sc 200

We can see that size is different for "00" and "0" chars.

Analysing PCAP file

Now download the file and analyse it.

Let's view the content of the file by right-clicking on packet data > Follow > TCP Stream.

Content like this will appear. It shows which data was transferred. Looking at the content. I can say that the User can upload pcap file to analyse it.

A line on the left shows that One complete transaction has used these many packets.

Let's see the other packet. At the bottom, I saw packets related to FTP services. I analyzed it and found the password of the FTP user.

username: nathan
password: Buck3tH4TF0RM3!

ftp $cap

PreviousCap [Unsolved]

Last updated 10 months ago

Was this helpful?

hashtagAnalysing PCAP file

hashtagLogin to FTP with the password

Analysing PCAP file

Login to FTP with the password