Ghost IP | Network Forensics | Wireshark | H7CTF 2024
Ghost IP
Description
Someone is trying to scan my server in my local network. I can’t seem to figure out which is the attacker’s real IP address. Will you be my investigator to find the culprit?
Solution
The task is to find the attacker's real IP address.
We are given a pcap file. Let's open it in Wireshark.
There are multiple IPs with a lot of fragmented packets. To find the real IP, we must check which IP address the victim is responding to.
The filter for that is: ip.src == 192.168.1.11
There are 2 IPs to which the victim has responded. One is 192.168.1.11, which is the victim itself, and the other is 192.169.1.9, which is the attacker's real IP address.
Flag is H7CTF{192.169.1.9}
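The same check as the display filter above, scripted with only the Python standard library (an added example, not part of the original write-up): it parses a classic pcap and counts the destinations of packets sent by the victim. The sample capture, the 192.168.1.50 source and the function names are constructed for illustration.

```python
import socket
import struct
from collections import Counter

VICTIM = "192.168.1.11"  # victim address from the write-up

def frame(src, dst):
    """Constructed Ethernet + IPv4 header (no payload) for the sample capture."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def reply_destinations(pcap, victim):
    """Count destination IPs of IPv4 packets sent by the victim (ip.src == victim)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        pkt = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue  # truncated record or not IPv4
        src, dst = socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34])
        if src == victim and dst != victim:  # ignore the victim talking to itself
            counts[dst] += 1
    return counts

SAMPLE = build_pcap([                 # constructed capture, not the challenge file
    frame("192.168.1.50", VICTIM),    # constructed source that gets no reply
    frame("192.169.1.9", VICTIM),
    frame(VICTIM, "192.169.1.9"),
    frame(VICTIM, "192.169.1.9"),
    frame(VICTIM, VICTIM),
])

if __name__ == "__main__":
    for ip, n in reply_destinations(SAMPLE, VICTIM).most_common():
        print(f"{ip}\t{n} packets from victim")
```

To run it against a real capture, pass the file's bytes instead of SAMPLE; pcapng files and VLAN-tagged frames are not handled by this sketch.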
You could check out the official writeup of Boot2Root challenges here: Boot2Root