Mi5 Security challenge
OK, before anyone gets the wrong idea. I did not literally hack MI5.
I guess the title is a little click baity, granted.
I was actually on the MI5 website after seeing a documentary about the UK’s secret service, and came across a challenge on the ‘careers’ section.
At first I thought it was some interactive flash puzzle where you have to fit the squares to order, but if you click on the image it actually hyperlinks to a pcap file (network trace).
So from there I downloaded the file, and fired up wireshark
I noted some SMTP flows…
I then followed the TCP Stream and could see an email conversion.
As you can see, there is a password.
Pretty easy stuff I guess, but then there are plenty of people around who would send an email with a password in plain view (have you ever done that?)
So next it was a case of finding what the password was for.
Later down the trace, I found another SMTP stream and lo and behold, a base64 encoded rar file that had been attached to the email….
I dumped this file out and cleared all of the stuff we don’t need…
From there it was a case of decoding this raw file from base64.
Python of course is the obvious choice. I found there is library for base64 de/encoding, so I knocked up a very quick rudimentary script:
import base64, re, sys infile = open(sys.argv, 'r') outfile = open(sys.argv, 'wb') for line in infile: encoded64 = line.rstrip() decoded64 = base64.b64decode(encoded64) outfile.write(decoded64); infile.close() outfile.close()
I then used the script to decode ‘backup.rar’, by using the password from the first TCP flow and out came four files on the other end…
After this I worked out how to get the ‘secret messages’ from the files.
I will leave that up to the reader to work out, and in turn leave some quality control in place for anyone going forward for an interview.