Solved By Only 1% : Root-Me {Network} 10. POP — APOP CTF WriteUp

Genesis
Dec 30, 2021
https://www.root-me.org/?lang=en

15 Points
Secured authentication

Author

lutzenfried, 11 November 2020

POP — APOP

Find the user password in this network frame.

SOLUTION

When we start the challenge, we get a zip file, which we first have to extract.

What is POP Protocol?

According to Google, the Post Office Protocol (POP) is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server. POP version 3 (POP3) is the version in common use.

What is APOP Authentication?

APOP (Authenticated POP) is an extension of the standard POP3 protocol. In simple words, APOP is used to encrypt the username or password.

Command

unzip <filename>

After unzipping, we get a pcapng file, which we open in Wireshark.

The name of the challenge gives us a useful hint: it is based on the POP protocol and APOP authentication.

We will use the filter option in Wireshark to show only the POP packets.

After examining the packets, we see that APOP authentication is used to encrypt the password. See the second packet in the above image, after bsmith. Now it's time to go to the reference article provided with this challenge.

According to the reference, a POP3 server which implements the APOP command will include a timestamp in its banner greeting. For example, on a UNIX implementation in which a separate UNIX process is used for each instance of a POP3 server, the syntax of the timestamp might be:

According to the reference, A POP3 server which implements the APOP command will include a timestamp in its banner greeting.For example, on a UNIX implementation in which a separate UNIX process is used for each instance of a POP3 server, the syntax of the timestamp might be:

<process-ID.clock@hostname>

where ‘process-ID’ is the decimal value of the process’s
PID, clock is the decimal value of the system clock, and
hostname is the fully-qualified domain-name corresponding
to the host where the POP3 server is running.

APOP authentication uses MD5 with a salt to encrypt the password.

Example Of APOP Authentication

Examples:
S: +OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>
C: APOP mrose c4c9334bac560ecc979e58001b3e22fb
S: +OK maildrop has 1 message (369 octets)

In this example, the shared secret is the string `tanstaaf'. Hence, the MD5 algorithm is applied to the string

<1896.697170952@dbc.mtview.ca.us>tanstaaf

which produces a digest value of

c4c9334bac560ecc979e58001b3e22fb

Now we know that the salt in this challenge is <1755.1.5f403625.BcWGgpKzUPRC8vscWn0wuA==@vps-7e2f5a72>

We also know that the hash of the salt followed by the password is 4ddd4137b84ff2db7291b568289717f0

Now we will use the hashcat tool to crack the password.

Hashcat Command

hashcat -a 0 -m 20 <hashfile_name.txt> <wordlist.txt>

  • -a = Attack mode
  • -m = Hash type
  • I used the rockyou.txt wordlist

To save the hash file in the right format, read the hashcat "Example hashes" article.
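The steps above can be reproduced on the RFC exchange quoted earlier. This is an added Python example, not part of the original writeup or the challenge: it pulls the banner timestamp and the APOP digest out of a transcript, recomputes the digest, and builds the `hash:salt` line that hashcat mode 20 expects. The function names and the embedded sample session are assumptions made for the illustration.

```python
import hashlib
import re

# Constructed sample: the RFC exchange quoted above, laid out like a followed
# TCP stream. All function names below are hypothetical helpers.
SAMPLE_SESSION = """\
S: +OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>
C: APOP mrose c4c9334bac560ecc979e58001b3e22fb
S: +OK maildrop has 1 message (369 octets)
"""

BANNER_RE = re.compile(r"\+OK[^\r\n]*?(<[^<>\s]+@[^<>\s]+>)")
APOP_RE = re.compile(r"APOP (\S+) ([0-9a-fA-F]{32})\b")


def parse_apop(session):
    """Return (user, timestamp, digest) from a POP3 transcript, or None."""
    banner = BANNER_RE.search(session)
    apop = APOP_RE.search(session, banner.end()) if banner else None
    if not apop:
        return None  # no banner timestamp, or the client never sent APOP
    return apop.group(1), banner.group(1), apop.group(2).lower()


def apop_digest(timestamp, secret):
    """MD5 over the banner timestamp (angle brackets included) + secret."""
    return hashlib.md5((timestamp + secret).encode("utf-8")).hexdigest()


def hashcat_line(timestamp, digest):
    """Mode 20 is md5($salt.$pass); its hash file line is 'hash:salt'."""
    return f"{digest}:{timestamp}"


def first_match(timestamp, digest, candidates):
    """A captured exchange can be checked offline, one guess at a time."""
    for guess in candidates:
        if apop_digest(timestamp, guess) == digest:
            return guess
    return None


if __name__ == "__main__":
    user, ts, digest = parse_apop(SAMPLE_SESSION)
    print(user, hashcat_line(ts, digest))
    print(first_match(ts, digest, ["letmein", "tanstaaf"]))
```

Because the timestamp and the digest both cross the wire in the clear, anyone who captures the session has everything needed to test guesses offline, which is why POP3 over TLS is the safer choice than APOP.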
