MMA CTF 2015 Forensics stream writeup

September 7, 2015

I played a CTF after a very long gap. We (team bi0s) secured 33rd position out of 650+ teams in the contest by knocking down 17 challenges.

Download the challenge file from here

The challenge involves the following tasks:

  1. Extract the x-mms-framed binary (streaming data) from the given traffic capture file.
  2. Recover the media stream from the x-mms-framed binary.

As per the Microsoft documentation [1] [2],

The x-mms-framed data is used to stream real-time data between a client (Windows Media Player, VLC, etc.) and a server (Microsoft Media Servers). The client is the receiver of the streaming data and the server is the sender. Unlike plain HTTP, this version of the HTTP protocol maintains state. The protocol is meant for scenarios where the multimedia file is transferred and rendered simultaneously. One important thing to notice is that it doesn't provide a mechanism for a client to discover the URL to the server.

After reading more of the Microsoft documentation, I understood that we can recover the media streams. So I focused on searching for a program which can host the file reconstructed from Wireshark as a server, and a client which can communicate with the server and decode the media stream as an ASF video file. We used these programs, which can do the task. After uploading, we opened GetASFStreamer (the client), which decoded and saved the video file where we had the flag. As a note, please use these programs in Windows XP. I did not get the ASF video file saved when I followed the same steps (mentioned above) on a Windows 7 machine.

stream_capture

stream

So the flag is,

mma_Ctf
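
The second task above, recovering the media from the x-mms-framed data, can also be done offline by parsing the framing directly. The following is an added example, not part of the original writeup or of the programs used in it. The field layout (a 4-byte framing header of `$`, packet ID and little-endian length, then an 8-byte MMS data packet header on `$H`/`$D` packets) and all function names are assumptions based on the MS-WMSP framing, and the input is assumed to be the de-chunked HTTP response body exported from the capture.

```python
import struct

# ASF File Properties Object GUID (8CABDCA1-A947-11CF-8EE4-00C00C205365), on-disk byte order
FILE_PROPS_GUID = bytes.fromhex("a1dcab8c47a9cf118ee400c00c205365")
MMS_HDR_LEN = 8  # assumed: LocationId(4) + Incarnation(1) + AFFlags(1) + PacketSize(2)


def iter_frames(blob):
    """Yield (packet_id, body) per framed packet; stop quietly if the capture is truncated."""
    pos = 0
    while pos + 4 <= len(blob):
        frame, pkt_id, length = struct.unpack_from("<BcH", blob, pos)
        if frame & 0x7F != 0x24:  # '$'; the top bit is a flag, so mask it off
            raise ValueError(f"not a framing header at offset {pos}")
        body = blob[pos + 4 : pos + 4 + length]
        if len(body) < length:  # capture ended mid-packet
            break
        yield pkt_id, body
        pos += 4 + length


def asf_packet_size(header):
    """Read Minimum Data Packet Size, 92 bytes into the File Properties Object."""
    at = header.find(FILE_PROPS_GUID)
    if at < 0 or at + 96 > len(header):
        raise ValueError("File Properties Object not found in ASF header")
    return struct.unpack_from("<I", header, at + 92)[0]


def rebuild_asf(blob):
    """Return the $H header followed by every $D packet zero-padded to the ASF packet size."""
    header, packets = b"", []
    for pkt_id, body in iter_frames(blob):
        if pkt_id == b"H":
            header += body[MMS_HDR_LEN:]  # a long header may span several $H packets
        elif pkt_id == b"D":
            packets.append(body[MMS_HDR_LEN:])
        elif pkt_id == b"E":  # end of stream
            break
    size = asf_packet_size(header)
    if any(len(p) > size for p in packets):
        raise ValueError("data packet larger than the ASF packet size")
    return header + b"".join(p.ljust(size, b"\x00") for p in packets)
```

Writing the return value of `rebuild_asf` to a `.asf` file gives a file an ordinary media player can open, provided the capture holds the stream from its `$H` packet onward.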

References:

[1] https://msdn.microsoft.com/en-us/library/cc251059.aspx

[2] https://msdn.microsoft.com/en-us/library/cc251177.aspx
