Puzzle #1: Ann’s Bad AIM

daydreamtalker 2024. 4. 28. 01:59

Problem

Anarchy-R-Us, Inc. suspects that one of their employees, Ann Dercover, is really a secret agent working for their competitor. Ann has access to the company’s prize asset, the secret recipe. Security staff are worried that Ann may try to leak the company’s secret recipe.

Security staff have been monitoring Ann’s activity for some time, but haven’t found anything suspicious– until now. Today an unexpected laptop briefly appeared on the company wireless network. Staff hypothesize it may have been someone in the parking lot, because no strangers were seen in the building. Ann’s computer, (192.168.1.158) sent IMs over the wireless network to this computer. The rogue laptop disappeared shortly thereafter.

“We have a packet capture of the activity,” said security staff, “but we can’t figure out what’s going on. Can you help?”

You are the forensic investigator. Your mission is to figure out who Ann was IM-ing, what she sent, and recover evidence including:

1. What is the name of Ann’s IM buddy?

2. What was the first comment in the captured IM conversation?

3. What is the name of the file Ann transferred?

4. What is the magic number of the file you want to extract (first four bytes)?

5. What was the MD5sum of the file?

6. What is the secret recipe?

경쟁사 스파이로 의심되는 직원 Ann의 행동을 관찰하고 있지만 딱히 의심스러운 움직임이 없던 차, 알 수 없는 컴퓨터가 회사 네트워크에 잠깐 나타났는데 Ann의 컴퓨터(192.168.1.158)가 거기에다 IM(=instant messaging)을 보냈다고 한다. 나는 법의학 수사관이고, 그 당시의 패킷 캡쳐를 가지고 증거 6개를 찾아내야 한다.