https://tryhackme.com/room/tsharkchallengesone
Created by: tryhackme, DrGonz0

I have just recently completed the two rooms referred to above and wanted to learn some more with tshark! This is where taking notes comes in handy. I referred back to the previous rooms' notes to assist. We are also going to be using VirusTotal for some of our other answers.

“Investigate the contacted domains.
Investigate the domains by using VirusTotal.
According to VirusTotal, there is a domain marked as malicious/suspicious.
What is the full URL of the malicious/suspicious domain address?
Enter your answer in defanged format.”


“When was the URL of the malicious/suspicious domain address first submitted to VirusTotal?”

“Which known service was the domain trying to impersonate?”
PayPal
“What is the IP address of the malicious domain?
Enter your answer in defanged format.”


Also, just to show how many we see in our log file.

“What is the email address that was used?
Enter your answer in defanged format. (format: aaa[at]bbb[.]ccc)”

Filtering on HTTP POST requests shows the user input (the email!). To narrow down the search, we can pipe the output through grep.
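To show what that POST-and-grep step looks like on the command line, here is an added example of mine (not the writeup's own commands). It assumes tshark is installed and the capture path is passed as the first argument; post_bodies, extract_emails and defang are function names I chose.

```shell
#!/bin/sh
# Added example: pull the POST bodies out of the capture with tshark,
# grep the submitted email address, and defang it for the answer box.
# Assumption: tshark is on PATH and $1 is the pcap file.

# Print the host and form body of every HTTP POST in the capture.
post_bodies() {
    tshark -r "$1" -Y 'http.request.method == "POST"' \
        -T fields -e http.host -e http.file_data
}

# Pull email addresses out of stdin. HTML forms URL-encode '@' as '%40',
# so decode that first or grep will miss the address entirely.
extract_emails() {
    sed 's/%40/@/g' \
        | grep -oE '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}' \
        | sort -u
}

# Defang a domain, URL, IP or email: dots become [.], @ becomes [at],
# and a leading http becomes hxxp (covers https as well).
defang() {
    printf '%s\n' "$1" | sed -e 's/\./[.]/g' -e 's/@/[at]/g' -e 's/^http/hxxp/'
}

# Usage: sh extract_email.sh capture.pcap
if [ "$#" -gt 0 ]; then
    post_bodies "$1" | extract_emails | while read -r addr; do
        defang "$addr"
    done
fi
```

Drop the `sort -u` if you want to count how many times the same address was submitted.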

“Congratulations! You have finished the first challenge room, but there is one more ticket before calling it out a day!”
Now it’s time to tackle the 2nd Tshark challenge!
https://tryhackme.com/room/tsharkchallengestwo