By: CyberSecJess
The WiCyS x Amazon On-Site CTF was a multi-city, two-day challenge held on November 14th and 15th across Arlington, VA; New York, NY; and Seattle, WA.
Participants individually tackled a range of challenge categories — Jeopardy style — such as web exploitation, networking, cryptography, and steganography, to name a few. Despite the CTF’s solo format, it fostered friendly collaboration among participants and allowed for networking, which was probably what I enjoyed the most. While I have participated in various virtual CTFs, this was my first in-person event, and it was an incredible experience. I had the chance to connect with some amazing people in the field — or on their way there, like me.
During the CTF, there were various challenges that stood out to me — not because of their difficulty, but because of what they taught me along the way. Let’s start with a forensics challenge!
Forensics Challenge — “Sniff Sniff”
The forensics challenge involved analyzing a pcap file in Wireshark, with a hint suggesting that exporting objects would play a role. The pcap in question contained both TCP and FTP packets, which makes sense because FTP relies on TCP for file transfers. The first packet of interest was a response from the FTP server as seen below. Although this information was not absolutely necessary to obtain the flag, it demonstrated what FTP login credentials look like in cleartext. In this case, we can see a successful login for user “goodboi”. Seeing credentials in cleartext for FTP is only possible because standard FTP does not encrypt its traffic. This would not be the case if a secure protocol like SFTP were used, as it encrypts both the credentials and data being transferred…….
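To make the cleartext point concrete, here is an added example (not from the original write-up or the CTF) of an audit check that walks a reassembled FTP control channel and reports every login whose credentials crossed the wire unencrypted. The `C:`/`S:` line prefixes, the passwords, the banner text and the failed first attempt are constructed; only the user name comes from the challenge.

```python
import re

# Constructed sample: an FTP control channel as reassembled text
# (C: client line, S: server line). Only the user name "goodboi" comes
# from the write-up; the passwords, banner and second attempt are made up.
SAMPLE_STREAM = """\
S: 220 FTP server ready
C: USER goodboi
S: 331 Please specify the password.
C: PASS wrong-guess
S: 530 Login incorrect.
C: USER goodboi
S: 331 Please specify the password.
C: PASS example-password
S: 230 Login successful.
"""

LINE = re.compile(r"^([CS]): (.*)$")

def find_cleartext_logins(stream):
    """Pair each USER/PASS seen in cleartext with the server's verdict."""
    findings, user, password = [], None, None
    for raw in stream.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        side, text = m.groups()
        code = text[:3]
        if side == "C":
            verb, _, arg = text.partition(" ")
            if verb.upper() == "USER":
                user, password = arg, None
            elif verb.upper() == "PASS":
                password = arg
        elif code == "234":
            break  # AUTH TLS accepted (RFC 4217): later commands are encrypted
        elif code in ("230", "530") and user is not None and password is not None:
            findings.append({
                "user": user,
                "password_length": len(password),  # report length, not the secret
                "outcome": "success" if code == "230" else "failed",
            })
            user, password = None, None
    return findings

if __name__ == "__main__":
    for f in find_cleartext_logins(SAMPLE_STREAM):
        print(f)
```

A session that negotiates TLS before logging in produces no findings, because the check stops at the server's `234` reply.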
Follow this LINK for the full article with images from the challenges!