The SUM of All FEARS (50 Points).md

The SUM of All FEARS

Category Points

Details

After hacking a victim's computer, Luciafer downloaded several files, including two binaries with identical names, but with the extensions .exe and .bin (a Windows binary and a Linux binary, respectively).

What are the MD5 hashes of the two tool programs? Submit both hashes as the flag, separated by a |: flag{ExeMD5|BinMD5}

Use the PCAP from LYTTON LABS 01 - Monstrum ex Machina.


This time we filter the packet capture with the display filter ftp-data.


Scrolling through the packets, we can see the ones relating to lytton-crypt.exe and lytton-crypt.bin.

First we select one of the packets relating to the file lytton-crypt.exe and choose Follow TCP Stream.


Then we change the data to be shown in Raw format.


And click the Save as... button, saving the file as lytton-crypt.exe.

We then repeat the process for the lytton-crypt.bin file.

Select one of the packets relating to the file lytton-crypt.bin and choose Follow TCP Stream.

Then we change the data to be shown in Raw format.

And click the Save as... button, saving the file as lytton-crypt.bin.

Now that we have both files exported, we can run:

```
❯ md5sum lytton-crypt.*
8a84e7153aa083b66cd89c652bef27da  lytton-crypt.bin
9cb9b11484369b95ce35904c691a5b28  lytton-crypt.exe
```

flag{9cb9b11484369b95ce35904c691a5b28|8a84e7153aa083b66cd89c652bef27da}
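
The export-and-hash steps above only give the right MD5 if the saved bytes are exactly the reassembled ftp-data payload. The following is an added example, not part of the original writeup: it rebuilds a stream from constructed (sequence number, payload) pairs, checks the magic bytes against the expected file type, and then hashes. The segment data and all function names are hypothetical.

```python
import hashlib

# Constructed sample: (relative TCP sequence number, payload) pairs standing in
# for one ftp-data stream. It includes out-of-order arrival and a retransmission.
SEGMENTS = [
    (0, b"MZ\x90\x00"),
    (8, b"tail"),   # arrives before the segment that precedes it
    (4, b"body"),
    (4, b"body"),   # retransmitted copy of the previous segment
]

# Magic bytes for the two file types named in the challenge.
MAGIC = {b"MZ": "Windows PE (.exe)", b"\x7fELF": "Linux ELF (.bin)"}


def reassemble(segments):
    """Rebuild the byte stream in sequence order; raise if bytes are missing."""
    out = bytearray()
    for seq, payload in sorted(segments):
        if seq > len(out):
            raise ValueError(f"missing bytes {len(out)}..{seq - 1}")
        # Append only the part not already present (retransmission or overlap).
        out += payload[len(out) - seq:]
    return bytes(out)


def file_type(data):
    """Identify the carved file by its leading magic bytes."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def carve(segments):
    """Return (detected type, MD5 hex digest) for the reassembled stream."""
    data = reassemble(segments)
    return file_type(data), hashlib.md5(data).hexdigest()


if __name__ == "__main__":
    kind, digest = carve(SEGMENTS)
    print(kind, digest)
```

If the detected type is "unknown" or reassembly reports a gap, the export was not a clean Raw save of the whole stream and the resulting hash should not be trusted.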