This exercise is one of our challenges to help you learn how to analyze PCAP files.

< 1 Hr.
PCAP badge


In this challenge, you will be working with a PCAP file that contains network traffic captured during an SMTP connection used to send an email. Your task is to use Wireshark to inspect the TCP connection and identify the base64-encoded username and password. By following the TCP stream, you will decode the necessary data to uncover the credentials used to log into the SMTP server.

The provided PCAP file includes the entire conversation between the client and the server, where the client sends an EHLO command, proceeds to authenticate, and exchanges email data. You will need to carefully follow the TCP stream and decode base64-encoded segments to reveal the username "victim" and the corresponding password. This exercise will help you understand the SMTP authentication process and improve your skills in network traffic analysis.
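The decoding step described above can be scripted once the stream has been saved as text; the following is an added example, not part of the original challenge, and it also covers AUTH PLAIN, which goes beyond the AUTH LOGIN case in the text. Assumptions: the transcript, host name and password below are constructed, and the function name `extract_smtp_credentials` is hypothetical.

```python
import base64

# Constructed transcript in "Follow TCP Stream" form; not taken from the challenge PCAP.
# The password is a constructed placeholder and the host name is hypothetical.
SAMPLE_STREAM = "\n".join([
    "220 mail.example.test ESMTP",
    "250 AUTH LOGIN PLAIN",
    "AUTH LOGIN",
    "334 VXNlcm5hbWU6",          # base64 of "Username:"
    "dmljdGlt",                  # base64 of "victim"
    "334 UGFzc3dvcmQ6",          # base64 of "Password:"
    base64.b64encode(b"constructed-pw").decode(),
    "235 2.7.0 Authentication successful",
])

def _decode(token):
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except ValueError:           # not valid base64
        return None

def _is_reply(line):
    # Server replies: 3-digit code followed by space, '-' or end of line.
    return line[:3].isdigit() and line[3:4] in ("", " ", "-")

def extract_smtp_credentials(stream):
    """Return (mechanism, username, password) for each AUTH LOGIN/PLAIN exchange."""
    lines = [ln.strip() for ln in stream.splitlines() if ln.strip()]
    found = []
    for i, line in enumerate(lines):
        parts = line.split()
        if len(parts) < 2 or parts[0].upper() != "AUTH":
            continue
        mech, answers = parts[1].upper(), parts[2:3]   # optional initial response
        for nxt in lines[i + 1:]:
            if _is_reply(nxt):
                if nxt.startswith("334"):    # continuation prompt, keep reading
                    continue
                break                        # final 2xx/4xx/5xx reply ends the exchange
            answers.append(nxt)
        decoded = [_decode(a) for a in answers]
        if mech == "LOGIN" and len(decoded) >= 2 and None not in decoded[:2]:
            found.append((mech, decoded[0], decoded[1]))
        elif mech == "PLAIN" and decoded and decoded[0] is not None:
            fields = decoded[0].split("\x00")    # authzid NUL authcid NUL password
            if len(fields) == 3:
                found.append((mech, fields[1], fields[2]))
    return found
```

Base64 is an encoding, not encryption, so any SMTP AUTH exchange captured outside a TLS session can be recovered this way.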
