CTF Overpass2 | TryHackMe
📰 Medium · Cybersecurity
Learn to analyze network traffic and identify vulnerabilities using Wireshark and TryHackMe's Overpass2 challenge
Action Steps
- Open the packet capture handed over by the SOC team in Wireshark
- Apply the display filter `http.request.method == "POST"` to list the attacker's POST requests
- Inspect those requests to find the upload endpoint (`/development/upload.php`) and the reverse-shell payload
- Filter on the reverse shell's port (4242) and follow that TCP stream to recover the netcat session
- Practise the same workflow on TryHackMe's Overpass2 challenge
Who Needs to Know This
Security teams and penetration testers can benefit from this tutorial to improve their network analysis skills and identify potential vulnerabilities in their systems.
Key Insight
💡 Analyzing network traffic and identifying vulnerabilities is crucial for security teams to protect their systems from potential attacks.
Full Article
Title: CTF Overpass2 | TryHackMe
URL Source: https://medium.com/@henrique.mb/ctf-overpass2-tryhackme-22dd4e3b50ad?source=rss------cybersecurity-5
Published Time: 2026-04-19T02:06:36Z
# CTF Overpass2 | TryHackMe
By [Henrique](https://medium.com/@henrique.mb?source=post_page---byline--22dd4e3b50ad---------------------------------------)
Machine: Overpass2
Difficulty: Easy
Platform: TryHackMe
## Introduction
Overpass has been hacked! The SOC team (Paradox, congratulations on the promotion) noticed suspicious activity during a night shift while reviewing system data and managed to capture the packets at the moment of the attack.
Can you work out how the intruder got in and break into Overpass's production server?
## PCAP analysis
We start by opening the `.pcap` file supplied by the SOC team in **Wireshark**. Applying the display filter `http.request.method == "POST"` narrows the capture to the **POST** requests made by the attacker, which reveal the directory the attacker used, `/development/`, and show that the payload was uploaded through `upload.php`.
Next, we locate the payload the attacker uploaded to create a reverse shell.
Because the attacker used port **4242** for the netcat connection, we filter all the requests made
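The triage described above, as an added example that is not part of the original write-up: a standard-library Python script that does offline what the Wireshark filter `http.request.method == "POST"` and a Follow TCP Stream on port 4242 do in the GUI. The capture it parses is constructed inside the script (RFC 5737 addresses, a placeholder `payload.php` body, a one-command shell exchange) rather than the challenge's pcap, and every function and constant name is the example's own. It reads only classic libpcap files; a pcapng capture must be converted first (`editcap -F pcap in.pcapng out.pcap`).

```python
"""Offline triage of a capture like the one in the write-up: list HTTP POST
requests (what the Wireshark filter http.request.method == "POST" shows) and
reassemble the netcat conversation on port 4242. Standard library only; the
capture at the bottom is constructed here, it is not the TryHackMe pcap."""
import struct
from collections import defaultdict

REVERSE_SHELL_PORT = 4242                            # listener port from the write-up
ATTACKER, VICTIM = "198.51.100.10", "203.0.113.5"    # constructed RFC 5737 addresses


def tcp_segments(pcap):
    """Yield (src, sport, dst, dport, payload) for each IPv4/TCP segment in a
    classic libpcap file (Ethernet link type, either byte order)."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic libpcap file; convert pcapng with editcap -F pcap")
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack_from(endian + "I", pcap, 20)[0] != 1:    # link type 1 = Ethernet
        raise ValueError("only Ethernet captures are handled here")
    off = 24                                                  # past the global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(endian + "I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":      # not IPv4
            continue
        ip = frame[14:]
        if ip[9] != 6:                                          # not TCP
            continue
        total_len = struct.unpack_from("!H", ip, 2)[0]
        tcp = ip[(ip[0] & 0x0F) * 4:total_len]
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        yield (".".join(map(str, ip[12:16])), sport,
               ".".join(map(str, ip[16:20])), dport, tcp[(tcp[12] >> 4) * 4:])


def http_posts(pcap):
    """One record per POST request: sender, destination, URI and body. Only the
    request's first segment is inspected; an upload split across segments needs
    real TCP reassembly (Wireshark's Follow TCP Stream does that)."""
    posts = []
    for src, _, dst, dport, data in tcp_segments(pcap):
        if data.startswith(b"POST "):
            head, _, body = data.partition(b"\r\n\r\n")
            posts.append({"src": src, "dst": f"{dst}:{dport}",
                          "uri": head.split(b" ", 2)[1].decode("latin-1"),
                          "body": body.decode("latin-1")})
    return posts


def flows_to_port(pcap, port=REVERSE_SHELL_PORT):
    """Concatenate, in capture order, the payload of every TCP conversation that
    touches `port`. Keys are (client, "listener:port"); "<- " marks bytes the
    listener sent (the attacker's commands), "-> " bytes sent back to it."""
    flows = defaultdict(str)
    for src, sport, dst, dport, data in tcp_segments(pcap):
        if not data:                                  # SYN/ACK/FIN carry no shell bytes
            continue
        if dport == port:
            flows[(src, f"{dst}:{port}")] += "-> " + data.decode("latin-1")
        elif sport == port:
            flows[(dst, f"{src}:{port}")] += "<- " + data.decode("latin-1")
    return dict(flows)


def _segment(src, sport, dst, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame behind a libpcap record header;
    checksums are left zero because the parser above ignores them."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    frame = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip + tcp + payload
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame


_UPLOAD_BODY = (b"------boundary\r\n"
                b'Content-Disposition: form-data; name="fileToUpload"; filename="payload.php"\r\n'
                b"Content-Type: application/x-php\r\n\r\n"
                b"<?php /* constructed placeholder, not the real payload */ ?>\r\n"
                b"------boundary--\r\n")
_UPLOAD_REQ = (b"POST /development/upload.php HTTP/1.1\r\n"
               b"Host: 203.0.113.5\r\n"
               b"Content-Type: multipart/form-data; boundary=----boundary\r\n"
               b"Content-Length: %d\r\n\r\n" % len(_UPLOAD_BODY)) + _UPLOAD_BODY

# Constructed capture: the upload, the server's reply, then the shell calling
# back to the attacker's listener and answering a single command.
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _segment(ATTACKER, 51000, VICTIM, 80, _UPLOAD_REQ),
    _segment(VICTIM, 80, ATTACKER, 51000, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
    _segment(VICTIM, 40000, ATTACKER, REVERSE_SHELL_PORT, b""),          # SYN, no data
    _segment(ATTACKER, REVERSE_SHELL_PORT, VICTIM, 40000, b"id\n"),
    _segment(VICTIM, 40000, ATTACKER, REVERSE_SHELL_PORT, b"uid=33(www-data) gid=33(www-data)\n"),
])

if __name__ == "__main__":
    import sys
    pcap = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PCAP
    for p in http_posts(pcap):
        print(f"POST {p['uri']} from {p['src']} to {p['dst']} ({len(p['body'])} body bytes)")
    for (client, listener), text in flows_to_port(pcap).items():
        print(f"\n== {client} <-> {listener} ==\n{text}", end="")
```

Run without arguments to see the constructed capture triaged; pass a converted capture path to run it on real traffic. The direction prefixes matter for the port 4242 flow: on a reverse shell the victim is the TCP client, so the attacker's commands arrive from the listener side and the shell's output travels back to it, the opposite of what a casual reading of "server" and "client" suggests.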