CTF Live - League of Assassins


As always, forensics challenges draw my attention first - there’s a satisfying feeling that all of the answers are within whatever artefact you have with you.

The “league of assassins” is a beginner challenge that requires analysis of a pcap file and is available at this link. The challenge text says:

You are a field agent tailing a League of Assassins operative. The assassin just got the name of his target and needs to scope him based on available online information. So, he starts using free WiFi provided by Moonbucks coffee shop. The WiFi network is not using any security and is open to all. He is browsing the internet while enjoying his coffee while you are capturing the WiFi traffic. While you were busy with your sniffer set up, he took off. Now, the only way to stop the assassination is to find the target individual by analyzing the captured traffic and warning him in advance.

Questions:

Who is the target individual?

While analyzing the traffic did you find anything which can help to get an idea of his next plans?

Launching the challenge loads up a Linux VM with the pcap already loaded in Wireshark.


The WiFi network does not use any security, so we should see some unencrypted traffic. Since the assassin is looking at websites, let's isolate the HTTP traffic by applying the http display filter:

http

Success - we see multiple HTTP streams in the capture. Looking at the streams, we see the assassin accessing www.davidbeckham.com - so, that’s the probable target.


In another stream, we see the assassin search cleartip.com for flight tickets - one of the requests shows the from/to as well as the dates.


We see the assassin searching for tickets between JFK (New York) and DME (Domodedovo - Moscow).
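
The same triage can be scripted when a capture is too large to eyeball. As an added example (not part of the original post or the challenge), the sketch below walks a classic pcap file and lists the method, Host header and URI of every cleartext HTTP request. The sample capture, the `flights.example` host and the query string are constructed, and it assumes each request fits in one frame (no TCP reassembly, no pcapng support).

```python
import re
import struct

# Cleartext HTTP request line, then (lazily) any headers up to the Host header.
REQ = re.compile(
    rb"(GET|POST|HEAD) (\S+) HTTP/1\.[01]\r\n(?:[^\r\n]+\r\n)*?Host: ([^\r\n]+)\r\n",
    re.IGNORECASE,
)

def iter_packets(pcap: bytes):
    """Yield raw frame bytes from a classic (non-pcapng) capture file."""
    magic = pcap[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    offset = 24  # size of the pcap global header
    while offset + 16 <= len(pcap):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", pcap, offset)
        offset += 16  # size of each per-packet record header
        yield pcap[offset:offset + incl_len]
        offset += incl_len

def http_requests(pcap: bytes):
    """Return (method, host, uri) for each frame carrying a cleartext HTTP request."""
    found = []
    for frame in iter_packets(pcap):
        m = REQ.search(frame)  # link-layer agnostic: scans the whole frame
        if m:
            method, uri, host = (g.decode("latin-1") for g in m.groups())
            found.append((method.upper(), host.strip(), uri))
    return found

def build_sample() -> bytes:
    """Constructed two-frame capture; 54 zero bytes stand in for Ethernet/IP/TCP headers."""
    payloads = [
        b"GET / HTTP/1.1\r\nHost: www.davidbeckham.com\r\nUser-Agent: x\r\n\r\n",
        b"GET /flights?from=JFK&to=DME HTTP/1.1\r\nUser-Agent: x\r\nHost: flights.example\r\n\r\n",
    ]
    pcap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for payload in payloads:
        frame = b"\x00" * 54 + payload
        pcap += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return pcap

if __name__ == "__main__":
    for method, host, uri in http_requests(build_sample()):
        print(method, host, uri)
```

Anything this prints is visible to every device in range of an open network, which is why the same requests sent over HTTPS would leave the URI and headers out of the capture.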

Concluding the challenge with the following flags:

Flag 1: Beckham

Flag 2: Russia

So long then, on to the next one :)

P.S. - this was easy, so posting the answer. Going forward, I will not post solutions until the challenge gets retired.