BloomCon 0x05 Networks CTF - Who Am I? (Challenge 1)

Other than the Forensics challenge, for BloomCon 0x05 we also got a Networks CTF challenge. We were provided two different packet capture files with a list of questions for each. Let's dive into part 1 and see what I was able to find.

Who Am I? - Challenge 1

It's your first day at your new job for big consulting inc.  You've been placed in charge of a small, isolated subnet of two developers.  Each developer has one windows machine and are connected to a single router.  Make yourself familiar with your new subnet with these tasks?

Question 1

What class of subnet is this?

Loading the .pcap file into Network Miner we can see a few hosts, starting with 192.168.x.x. 

Figure 1: Hosts from the .pcap

A quick Google search for a subnet class chart shows that these are part of the C Class.

Figure 2: Subnet classes

Question 2

What is the workgroup name?

 Expanding either host IP and going into the Host Details shows the workgroup name "BIGCONSULT" under the Queried NetBIOS names field.

Figure 3: workgroup name info

Question 3

What is the host name of the windows machine with the lowest IP address?- give IP address

Seen from Figure 1, the lowest IP address had a host name of "SKYGUY". 

Question 4

What is the host name of the windows machine with the highest IP address?- give the IP address

Seen from Figure 2, the higher IP address had a host name of "PURPLE-HP".

Question 5

The service used in the above questions is what service and what port number does it use?

I wasn't completely sure what exactly they were looking for so I poked around and ended up on the Parameters tab in Network Miner. Each entry shows a NetBIOS Query over port 137, which ended up being the answer.

Figure 4: NetBIOS Queries


NetworkMiner made answering these questions ridiculously easy. I'm sure if you know how to use something like Wireshark it may be just as simple as well. Challenge 2 coming soon.

Tool Listing