Please ask questions ONLY in this topic.

One of your best friends has reason to believe that his girlfriend has been cheating on him. He thinks that she's been sending emails back and forth with this other guy, but he has no for sure proof. Now it's your turn to show him what a valuable friend you are!

Re: Please ask questions ONLY in this topic.

Post by impulse_x on Fri May 17, 2013 5:57 am
([msg=75631]see Re: Please ask questions ONLY in this topic.[/msg])


When using wireshark, I'm supposed to filter by HTTP, but what if I'm originally logged on in HTTPS? Since all the
stuff are encrypted, I filter via ssl; but I can't read any of the encrypted stuff.

I've searched google for help on decrypting ssl handshakes and application data but that's completely above my
head and I don't see anyone saying anything about SSL on this thread.

And now, i don't even know how to go back to HTTP for

Any help appreciated.


Edit: I've completed this mission. Just forgot to post here as well as having forgotten how I figured it out. :(
New User
New User
Posts: 19
Joined: Fri May 10, 2013 4:57 am
Blog: View Blog (0)

Re: Please ask questions ONLY in this topic.

Post by agentStag on Sat Mar 07, 2015 7:37 am
([msg=87053]see Re: Please ask questions ONLY in this topic.[/msg])

Hi guys, I have finally completed the mission.

I didn't use wireshark but the posts here suggest that it can be of help if you are stuck(do download it if you can, it will be useful for a person who visits this website).

Seems like most people are/were stuck at the c*****.*** file. The information given on that file on how should sections of it be removed was not necessary. So just think about how are variables separated on a URL and keep doing that until the end. Only worry about the first line, if you get that one right, it'll all be good.

The actual login isn't anything special so just get in.
A decompiler is needed and i used this one: It's all done online.

I hope this post helps(if i tell you more about that file, i'll spoil it).Contact me if you are still stuck. Good luck :geek:
New User
New User
Posts: 5
Joined: Tue Dec 23, 2014 5:11 pm
Blog: View Blog (0)

Wireshark help

Post by scaum2 on Mon Jan 04, 2016 5:37 pm
([msg=91144]see Wireshark help[/msg])

Hey guys,

I'm looking for some help with wireshark... got to the login page and seems obvious there is a file hidden somewhere used for identication. So i tried to use wireshark and "sniff" the location but i can't get it to work properly. After few hours of unsuccessfull trials, i find a youtube video showing EXACTLY what I did and indeed obtenaing the answer i was looking for.

Could someone give me a detailed explanation on how to find THE packet with the file location using wireshark ? I've been trying every option i could find and this exact packet seems to never appear.


EDIT : after looking a solution on Youtube (I know it's bad), I can see that the guy is connected to http://hack..../16 and not httpS://... I guess that could be the reasn why wireshark can't sniff the GET packet that would then be encrypted... but i can't connect to the http. Is there a way to "bypass" the redirection and get to the http and not https ? Is the challenge still doable with https ?
New User
New User
Posts: 1
Joined: Sun Jan 03, 2016 8:06 pm
Blog: View Blog (0)

Re: Please ask questions ONLY in this topic.

Post by Starman11 on Tue Nov 07, 2017 12:10 pm
([msg=94894]see Re: Please ask questions ONLY in this topic.[/msg])

I hope this isn't spoiling it, I don't see why it would, but I've found that other c***** file with a***_p*** which I am guessing is the admins. Anyhow, I'm not sure where to go from here. I know how to pass values in the URL, for example, name=Billy&age=10, but I don't know which variables the challenge is looking for, I'm pretty sure *where* to put them though. A little nudge in the right direction would be appreciated, if any of you still visit this ghost town that is.

I can see that a***.php shows a*****=***** but again, I don't know how to connect these files together.

Yeah so I've figured out what to register as, and I've changed the c*****.txt to what I want, but the semi colon is still there, how do I get rid of that? :? I've tried using a poison null byte but that didn't work. I've looked at my keyboard but no character is popping out at me, am I blind?
Experienced User
Experienced User
Posts: 60
Joined: Wed Jul 27, 2016 9:07 am
Blog: View Blog (0)

Re: Please ask questions ONLY in this topic.

Post by why tspace on Tue Feb 20, 2018 6:12 pm
([msg=95291]see Re: Please ask questions ONLY in this topic.[/msg])

I struggled for a long time on this one. I had missed the second special comment in the HTML on a particular page that Monica hinted at earlier.

Once you have that, combined with your analysis of the HTTP requests (any modern browser's dev tools include a tool for looking at network traffic. Wireshark isn't the most accessible tool for this mission, esp since we're in the 2010s), I tried registering as a bunch of users, which helped me understand how to properly replace the ***f*g.*** file.

I have no idea how people would do this without a flash decompiler for the other flash object. For reference, an open source one that transforms the .swf to an .xml file is swfmill.

A sample invocation looks like "swfmill swf2xml ch***_****l.swf ch***_****.xml", where the *s are of course to prevent spoilers.

This mission was shorter than some of the other harder ones, but it was still fun. Did anyone else feel like it was wrong to hack into someone else's email?
why tspace
New User
New User
Posts: 13
Joined: Sun Feb 11, 2018 10:31 pm
Blog: View Blog (0)


Return to (Real 16) Simple Mail

Who is online

Users browsing this forum: No registered users and 0 guests