Passing on Complexity
TYPE: TRAFFIC ANALYSIS PCAP
Challenge
ESU's IT staff swears up and down that the backup user's password is secure and follows best practice. Their internal auditors are not convinced and are asking for your help to determine the backup user's password at the time of the breach.
Submit the flag as flag{password}.
Use the packet capture from Scans.
Solution
Another PCAP file. This time much larger. Let's download and open it with Wireshark.
First I searched for mysql and there were a lot of entries. Since the file was 30 MB, I didn't want to waste time looking at all the entries.
Then I remembered that we should find the password for the backup user. So maybe it is possible to find the mysqldump command.
And here it is in frame 91643
Best password ever: backup123
Easy 50 points for the team
flag{backup123}
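The same search can be scripted instead of done by hand in Wireshark. The Python below is an added example, not part of the original write-up: it walks the records of a classic pcap file and reports every frame whose bytes contain a mysqldump command line, together with the user and password options. The sample capture, the exact form of the command line and all function names are assumptions made for illustration.

```python
import re
import struct

# A mysqldump invocation up to end of line, and its short/long credential options.
CMD_RE = re.compile(rb"mysqldump[^\r\n]*")
USER_RE = re.compile(rb"(?:\s-u\s*|--user=)(\S+)")
PASS_RE = re.compile(rb"(?:\s-p|--password=)(\S+)")  # -p takes its value with no space


def find_mysqldump_commands(pcap_bytes):
    """Return (frame_number, user, password) per mysqldump command line found."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("unsupported capture format (microsecond pcap only)")
    hits, offset, frame = [], 24, 0  # 24-byte global header precedes the records
    while offset + 16 <= len(pcap_bytes):
        # Record header: ts_sec, ts_usec, incl_len, orig_len (4 bytes each).
        incl_len = struct.unpack_from(endian + "I", pcap_bytes, offset + 8)[0]
        data = pcap_bytes[offset + 16 : offset + 16 + incl_len]
        offset += 16 + incl_len
        frame += 1  # 1-based, matching Wireshark's frame numbers
        for cmd in CMD_RE.finditer(data):
            user = USER_RE.search(cmd.group())
            pw = PASS_RE.search(cmd.group())
            hits.append((frame,
                         user.group(1).decode() if user else None,
                         pw.group(1).decode() if pw else None))
    return hits


def build_sample_pcap(payloads):
    """Constructed input: one pcap record per payload (raw bytes, no real headers)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for p in payloads:
        out += struct.pack("<IIII", 0, 0, len(p), len(p)) + p
    return out


# Constructed sample; the command-line form is assumed, not copied from the capture.
SAMPLE = build_sample_pcap([
    b"SELECT 1",
    b"mysqldump -u backup -pbackup123 --all-databases > /tmp/db.sql\n",
])

if __name__ == "__main__":
    for frame, user, pw in find_mysqldump_commands(SAMPLE):
        print(f"frame {frame}: user={user} password={pw}")
```

Run against a real capture by passing the file's bytes to find_mysqldump_commands; a pcapng file has to be converted to classic pcap first.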