Question: Your second task will require you to recover a payload from the conversation. Just need 2.3. Need you to explain step by step, and concept

Your second task will require you to recover a payload from the conversation. Just need 2.3. Need you to explain step by step, and concept by concept if possible. Use Wireshark. Tell me your answer and how you got to each. You can download the file and go from there. Explain your process of how to decrypt and run with examples of how to.

Also provide potential filters for solving each one. This involves a pcap file: https://cs6035.s3.amazonaws.com/MITM/mitm_spring2024.pcap

As part of the evidence gathering, the Attorney General needs concrete evidence of malicious intent. For Task 2, you will need to review the conversation between members of TNC and gather incriminating data from this conversation.

Task 2.1

  • One of the hackers transfers a file to another hacker, after confirming their identity. What is the name of the file? (Including extension)
    • Example: somefile.extension
    • Points: 6

Task 2.2

  • It seems that the file transferred is encrypted. What encryption method or algorithm was used to encrypt the file? (Just the 3-letter name)
    • Example: something
    • Points: 4

Task 2.3

  • If you decrypt and run the file, you'll get a unique hash based on your USERID. What is the hash generated?
    • Example: a123242342342342342934234
    • Points: 18

Background: The Attorney General is impressed by you but says they believe the group is also using another server to host a malicious file. It appears that one of the hackers recently accessed this server and downloaded a file from it. As a last minute request, the Attorney General is asking you to investigate what this file is, and where it is hosted.

Task 2.4

What is the IP address for the server in question? What is the programming language used to make this file? If you run this file you'll get a Combined hash. What is the unique hash for your USERID (i.e., 806054)? (Same here, explain how you found the IP and how you ran this file.)

Step by Step Solution


Task 2.1: Identify the Name of the Transferred File

Download and Open the PCAP File in Wireshark

Download the PCAP file from the provided link. Open Wireshark and load the mitm_spring2024.pcap file. Identif...
