LetsDefend : Disclose The Agent


We reached the data of an agent leaking information. You have to disclose the agent.

Download the PCAP file provided and view it on Wireshark.

To find email traffic we can filter out the SMTP protocol.

What is the email address of Ann’s secret boyfriend?

From browsing through the SMTP filtered list we can see the Ann had sent emails to two different users. We can follow the TCP stream to find more details.

First email

Second email

What is Ann’s email password?

From the SMTP TCP stream we are able to view the authentication process of the SMTP server. This can be seen with the HELO/EHLO syntax.

The password is base64 encoded and can be decoded to find the plaintext password.

What is the name of the file that Ann sent to his secret lover?

We can find the name of the file by viewing the TCP stream of the email or exporting IMF (Internet Message Format) files.

In what country will Ann meet with her secret lover?

By exporting the email itself we can view the file attachment.

The location is indicated in the doc file.

What is the MD5 value of the attachment Ann sent?

Find the hash of the email attachment with certutil.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Comments (



%d bloggers like this: