The Programmer’s Mistake

🔍 Details

| Attribute | Details |
| --- | --- |
| Challenge Name | The Programmer’s Mistake |
| Category | Networking |
| Difficulty | 🟠 Medium |
| Flag | F4H{2ZxirEUA1w**********} |

📝 Description

Tom and Bob, software engineers working on an internal company app, exchanged credentials over an HTTP connection.

Unknown to them, someone was watching the traffic.

Even worse, Tom, using the username fl4ghunt_admin, reuses the same credentials everywhere.

Find the leaked hashed password (MD5), crack it, and use it to log in to Tom’s Pastebin.


📥 Download internal_app.pcapng

🧩 Hints

  1. In Wireshark, filter for HTTP POST requests.
  2. MD5 isn't as strong as they thought - a simple online decoder will do the trick.

💡 Solution

This challenge involves intercepting credentials sent via an unencrypted HTTP POST request.

  1. Open the provided .pcapng file in Wireshark.
  2. Apply the following filter to locate the HTTP POST request:

         http.request.method == "POST"

  3. There is only one POST request to a login endpoint. Right-click on the request and select Follow → HTTP Stream.

  4. This reveals the submitted credentials. The username is fl4ghunt_admin and the password is MD5-hashed.

  5. Copy the MD5 hash and crack it using an online tool like CrackStation. The password is: letmein123.

  6. Use the cracked password to log in to the Pastebin and view the flag.

📚 Insights

This challenge illustrates the risks of transmitting sensitive information over unencrypted HTTP connections.

  • HTTP does not provide encryption. Any data sent, including usernames and passwords, is visible to anyone monitoring the traffic.
  • MD5 is a weak hashing algorithm that is no longer considered secure. It is vulnerable to brute-force and dictionary attacks, and to lookups in precomputed hash databases.
  • Wordlists like rockyou.txt are commonly used in password cracking tools. Many weak or reused passwords, such as letmein123, are included in these lists.
  • Reusing credentials across multiple services increases the impact of a single leaked password.
  • Tools like Wireshark allow analysts to inspect traffic, apply filters, and follow HTTP streams to reconstruct credential submissions and data transfers.
  • Recognizing insecure practices, such as sending credentials via POST over HTTP or storing passwords as MD5 hashes, is essential for both attackers and defenders.
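
An added example (not part of the original write-up): a defender-side check that takes a reassembled HTTP stream, flags password-like form fields sent in cleartext, and tests whether an MD5-shaped value falls to a wordlist. The host, path, field names and the five-word list are assumptions; the sample digest is computed from the password given in the solution rather than taken from the capture.

```python
import hashlib
import re
from urllib.parse import parse_qs

# Constructed sample of a followed HTTP stream. Host, path and field names are
# assumptions; the digest is computed from the password the write-up reports.
SAMPLE_STREAM = (
    "POST /login HTTP/1.1\r\n"
    "Host: internal-app.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "username=fl4ghunt_admin&password=" + hashlib.md5(b"letmein123").hexdigest()
)
# Constructed miniature wordlist standing in for a list such as rockyou.txt.
WORDLIST = ["password", "123456", "qwerty", "letmein123", "dragon"]

SENSITIVE = re.compile(r"pass|pwd|secret|token", re.I)
MD5_SHAPE = re.compile(r"[0-9a-fA-F]{32}")

def find_exposed_credentials(stream):
    """Return credential-like form fields found in a cleartext HTTP POST."""
    head, _, body = stream.partition("\r\n\r\n")
    if not head.startswith("POST "):
        return []
    findings = []
    for name, values in parse_qs(body, keep_blank_values=True).items():
        if SENSITIVE.search(name):
            for value in values:
                is_md5 = bool(MD5_SHAPE.fullmatch(value))
                findings.append({"field": name, "value": value, "looks_like_md5": is_md5})
    return findings

def audit_md5(digest, wordlist):
    """Return the wordlist entry whose MD5 equals digest, or None."""
    for word in wordlist:
        if hashlib.md5(word.encode()).hexdigest() == digest.lower():
            return word
    return None

def audit_stream(stream, wordlist):
    """Map each exposed field to the recovered password (None if not found)."""
    return {f["field"]: audit_md5(f["value"], wordlist) if f["looks_like_md5"] else None
            for f in find_exposed_credentials(stream)}

if __name__ == "__main__":
    print(audit_stream(SAMPLE_STREAM, WORDLIST))
```

A field that comes back with a recovered word shows both problems at once: the value crossed the network unencrypted, and the hash offered no protection for a password that appears in common wordlists.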
