Fermat's water
Medium | Network Security
Overview
Our smart agriculture system was targeted in a cyberattack affecting one specific area. The attacker injected false data, causing the water pump to activate and flood the crops, leading to total crop loss. The system is designed to stabilize soil moisture levels between 30% and 40%, but the falsified data reported moisture levels far below this range, triggering unnecessary irrigation.
The breach was due to compromised login credentials that allowed unauthorized access. We need to identify the start time of the attack (the first packet that contained wrong data), the time of the first authentication attempt, the attacker's IP address, and the specific username and password that were compromised.
However, all the traffic is encrypted, so traffic analysis is not possible.
Flag Format: Flag{ip|time_of_first_authentication|time_of_first_wrong_data|username:password}. Timestamps are in UTC, in the format YY-MM-DD-hh-mm-ss.
Lab Details
Prerequisites & Requirements
- Knowledge of network protocol analysis using Wireshark
- Understanding of MQTT (Message Queuing Telemetry Transport) protocol
- Basic knowledge of TLS/SSL encryption and certificate analysis
- Familiarity with RSA cryptography and its vulnerabilities
- Understanding of Fermat's factorization method for breaking weak RSA keys
- Python scripting skills for packet analysis and cryptographic operations
- Knowledge of OpenSSL command-line tools for certificate manipulation
- Understanding of IoT systems and sensor data interpretation
What will you learn?
- How to analyze encrypted MQTT traffic in network captures
- Techniques for extracting and analyzing TLS certificates from packet captures
- Implementation of Fermat's factorization attack against weak RSA keys
- Methods for decrypting TLS traffic using recovered private keys
- MQTT protocol structure and message types (CONNECT, PUBLISH, etc.)
- How to identify suspicious behavior in IoT sensor networks
- Timestamp analysis and conversion techniques for forensic investigations
- Python scripting for automated packet analysis and data extraction
Tools
- Wireshark: Network protocol analyzer for examining packet captures
- Python 3: Scripting language for automation and cryptographic operations
- PyShark: Python wrapper for tshark, used for programmatic packet analysis
- OpenSSL: Command-line tool for certificate manipulation and analysis
- PyCryptodome: Python cryptographic library for RSA operations
- IDE: For script development and data analysis
Tags
TLS Inspection, MQTT, IoT, Packet Analysis, Wireshark, PCAP, SOC