


This post covers how to read unencrypted FTP traffic from a Wireshark PCAP and file carving techniques to be able to recreate a file from a PCAP stream.

Disclaimer: This post is meant for educational purposes only and any information obtained should not be used for malicious purposes. So, I set up a simple FileZilla FTP server on my Windows machine and attempted to recreate the challenge so I could have documentation on how to perform some of the actions. The PCAP was taken from a user downloading a file from a misconfigured or outdated FTP server that didn’t have SSL/TLS encryption.

This post pertains to a prior Capture-The-Flag (CTF) competition I was competing in where one of the challenges was to read the text (or flag) of a file from a packet capture (PCAP).
