Subhankar210
diff --git a/‎INShAck-2019/Industrial-process/README.md‎
Lines changed: 57 additions & 0 deletions b/‎INShAck-2019/Industrial-process/README.md‎
Lines changed: 57 additions & 0 deletions
diff --git a/‎INShAck-2019/Industrial-process/bytes.png‎
84.6 KB b/‎INShAck-2019/Industrial-process/bytes.png‎
84.6 KB
diff --git a/‎INShAck-2019/Industrial-process/nope.png‎
14 KB b/‎INShAck-2019/Industrial-process/nope.png‎
14 KB
diff --git a/‎INShAck-2019/Industrial-process/pcap‎
47.7 KB b/‎INShAck-2019/Industrial-process/pcap‎
47.7 KB
diff --git a/‎INShAck-2019/Industrial-process/pdus.txt‎
Lines changed: 212 additions & 0 deletions b/‎INShAck-2019/Industrial-process/pdus.txt‎
Lines changed: 212 additions & 0 deletions
@@ -0,0 +1,57 @@
+# Industrial process
+
+
+__Description__
+
+In company XXX, we have a big expertise in laser cutting and we are well informed about cybersecurity. We have setup a small honeypot to simulate the cut of some pieces. In our fake process, we have manufactured 25 pieces of 1 meter by 1 meter. We have found this really weird file thanks to a super effective detection tool. There was also a weird string :
+
+893c539a84e6c96acf5f2ceea2ad9ef7be895580
+
+This flag follow the following format : INSA([A-Z]*). Please submit it as INSA{$1}, for example if you find INSAAZERTY, submit INSA{AZERTY}. [Weird File](tempList.txt)
+
+
+__SOLUTION__
+
+At first I thought that it was a hash and we have to crack the hash. I didn't even looked at the given file.
+
+After a while I realized that we are given a file(:facepalm:).
+
+When I googled the strings/hash I came across this tool called [Cloakify](https://github.com/TryCatchHCF/Cloakify/).
+Okay so that mean we have to use that tool somehow to proceed.
+
+Reading the `README` file I realized what was supposed to be done.
+Basically the given file will turn out to be something else when we will `decloakify` it.
+
+```bash
+➜ python2 decloakify.py tempList.txt ciphers/worldFootballTeams > pcap
+```
+
+This will give us a PCAP file.
+When we open the file it give us some error about missing bytes, I thought WE'll have to fix that issue but then __@unblvr__ explained what might happened.
+
+According to him
+```
+There's no missing data per se, it's just that the file stops suddenly
+it could just be due to the creation process
+I bet they didn't sniff some modbus connection, but crafted this with scapy or something
+```
+
+Okay that mean we didn't have to fix the PCAP then what do we do.
+
+Well if we read the description the tool was `laser cutter` and if you look at those protocols `Modbus/TCP` there are `Register values` present.
+
+![alt text](bytes.png)
+
+So we need to extract those response values and analyze them.
+
+```bash
+➜ tshark -r pcap -Y modbus -T fields -E header=y -e frame.len -e modbus.regval_uint16
+```
+
+This will give us all those responses and since they are in tuple of 3 the best we could do is plot them on graph and see if it result in something.
+
+First we put those values in a [file](pdus.txt).
+Now you can just plot this using python.
+Once plotted this will give you the flag.
+
+Also all the part after the we found pcap was done by __@unblvr__
@@ -0,0 +1,212 @@
+0,0,0
+0,0,0
+0,0,0
+0,0,0
+0,0,0
+0,0,0
+0,0,0
+250,0,0
+125,0,0
+125,1000,0
+0,1000,0
+250,1000,0
+0,0,1
+0,1000,1
+750,0,1
+750,1000,1
+0,125,2
+125,0,2
+625,0,2
+750,125,2
+750,375,2
+675,500,2
+675,500,2
+125,500,2
+0,625,2
+0,875,2
+125,1000,2
+625,1000,2
+750,875,2
+0,0,3
+0,0,3
+500,1000,3
+750,500,3
+250,500,3
+750,500,3
+1000,0,3
+0,0,4
+0,1000,4
+0,1000,4
+0,500,4
+750,500,4
+750,1000,4
+750,0,4
+0,0,5
+500,1000,5
+750,500,5
+250,500,5
+250,500,5
+750,500,5
+1000,0,5
+750,125,6
+625,0,6
+125,0,6
+0,125,6
+0,875,6
+0,875,6
+125,1000,6
+625,1000,6
+750,875,6
+0,0,7
+0,1000,7
+0,500,7
+750,1000,7
+750,1000,7
+0,500,7
+750,0,7
+0,0,8
+250,0,8
+125,0,8
+125,1000,8
+0,1000,8
+250,1000,8
+250,1000,8
+0,0,9
+0,1000,9
+750,0,9
+750,1000,9
+0,0,10
+0,1000,10
+625,1000,10
+625,1000,10
+750,875,10
+750,125,10
+625,0,10
+0,0,10
+0,1000,11
+0,125,11
+125,125,11
+125,0,11
+625,0,11
+750,125,11
+750,1000,11
+0,125,12
+125,0,12
+625,0,12
+750,125,12
+750,125,12
+750,375,12
+675,500,12
+125,500,12
+0,625,12
+0,875,12
+125,1000,12
+625,1000,12
+750,1000,12
+750,875,12
+0,1000,13
+500,1000,13
+500,0,13
+500,1000,13
+1000,1000,13
+0,0,14
+0,0,14
+0,1000,14
+625,1000,14
+750,875,14
+750,625,14
+625,500,14
+0,500,14
+625,500,14
+875,0,14
+875,0,14
+0,0,15
+250,0,15
+125,0,15
+125,1000,15
+0,1000,15
+250,1000,15
+0,0,16
+0,0,16
+500,1000,16
+750,500,16
+250,500,16
+750,500,16
+1000,0,16
+0,0,17
+0,1000,17
+0,1000,17
+0,0,17
+750,0,17
+0,0,18
+0,1000,18
+625,1000,18
+750,875,18
+750,625,18
+625,500,18
+625,500,18
+0,500,18
+0,0,19
+0,1000,19
+625,1000,19
+750,875,19
+750,625,19
+625,500,19
+625,500,19
+0,500,19
+625,500,19
+875,0,19
+750,125,20
+625,0,20
+125,0,20
+0,125,20
+0,125,20
+0,875,20
+125,1000,20
+625,1000,20
+750,875,20
+750,125,20
+750,125,21
+625,0,21
+125,0,21
+125,0,21
+0,125,21
+0,875,21
+125,1000,21
+625,1000,21
+750,875,21
+750,0,22
+0,0,22
+0,0,22
+0,500,22
+750,500,22
+0,500,22
+0,1000,22
+750,1000,22
+0,125,23
+125,0,23
+625,0,23
+625,0,23
+750,125,23
+750,375,23
+675,500,23
+125,500,23
+0,625,23
+0,875,23
+125,1000,23
+125,1000,23
+625,1000,23
+750,875,23
+0,125,24
+125,0,24
+625,0,24
+750,125,24
+750,375,24
+750,375,24
+675,500,24
+125,500,24
+0,625,24
+0,875,24
+125,1000,24
+625,1000,24
+750,875,24