Packet Madness 200

[Question]

These folks speak a different language. Join their site and translate the key for us. (Link to a PCAP file was provided)

[Files]
Local Mirror: PM200-PCAP

[Summary]
Try EBCDIC encoding

[Answer]
once upon a time IBM ruled the world

Walkthrough

    Opened the PCAP in Wireshark and followed the stream.  Switched the view from raw to EBCDIC and saw the following:

 For help at any time enter: ?%.cmd : .?%a - new user%l - login%n -
news%m - maintenance%q - quit%? - print this message%cmd : .a%New user id: .marsddtek%New user
password: .ilovesheep%Again: .ilovesh33p%Passwords do not match.%.cmd : .a%New user id:
.mars.ddtek%New user password: .ilovesh33p%Again: .ilovesh33p%Welcome .mars.ddtek, we hope you
enjoy our bbs%.You may now login%.cmd : .l%User: .administrator%Password: .password%Invalid
user.%.cmd : .l%User: .admin%Password: .pass%Invalid user.%.cmd : .l%User: .root%Password:
.root%Invalid user.%.cmd : .m%Please log in to use maintenance mode.%.cmd : .n%Please log in to
read the news.%.cmd : .l%User: .mars.ddtek%Password: .ilovesh33p%Welcome back.mars.ddtek.%.cmd :
.m%Insufficient privileges.%.cmd : .l%User: .Admin%Password: .admin%Invalid user.%.cmd : .l%User:
.Admin%Password: .12345%Invalid user.%.cmd : .?%a - new user%l - login%n - news%m - maintenance%q -
quit%? - print this message%cmd : .q%

    We used that information to log in to the server IP seen in the PCAP.
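    The same decoding can be done outside Wireshark. The following is an added example, not part of the original write-up: it scores a stream payload against ASCII and two EBCDIC code pages from Python's standard library (cp037 and cp500) and keeps the most readable result. The function names and the sample bytes are constructed for illustration.

```python
import string

# Candidate encodings, tried in order; cp037 and cp500 are EBCDIC code pages
# that ship with Python. Ties go to the earlier entry.
CANDIDATES = ("ascii", "cp037", "cp500")

# Characters expected in a readable text prompt.
READABLE = set(string.ascii_letters + string.digits + " .,:;?!-_'\"/()\r\n\t")


def readable_ratio(text):
    """Fraction of characters that look like ordinary prompt text."""
    if not text:
        return 0.0
    return sum(1 for ch in text if ch in READABLE) / len(text)


def guess_encoding(payload):
    """Return (encoding, decoded_text, score) for the best-scoring candidate."""
    best = None
    for enc in CANDIDATES:
        text = payload.decode(enc, errors="replace")
        score = readable_ratio(text)
        if best is None or score > best[2]:
            best = (enc, text, score)
    return best


# Constructed sample: a prompt line from the transcript, encoded as EBCDIC
# to stand in for the raw bytes of the followed stream.
SAMPLE_EBCDIC = "For help at any time enter: ?\ncmd : ".encode("cp037")

# Constructed sample: EBCDIC code pages disagree on a few punctuation bytes
# (for example '!' is 0x5A in cp037 but 0x4F in cp500), so more than one
# code page is scored.
SAMPLE_CP500 = "First post! w00t!".encode("cp500")

if __name__ == "__main__":
    for blob in (SAMPLE_EBCDIC, SAMPLE_CP500, b"cmd : login"):
        enc, text, score = guess_encoding(blob)
        print(f"{enc:6} {score:.2f} {text!r}")
```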



    Next, all we did was create a user named "Squidly1" and check the news.  The answer was provided in the news section, as seen below:

For help at any time enter: ?
%.cmd : .?
%a - new user
%l - login
%n - news
%m - maintenance
%q - quit
%? - print this message
%.cmd : .a
%New user id: .squidly1
%New user password: .squidly1
%Again: .squidly1
%Welcome .squidly1, we hope you enjoy our bbs
%.You may now login
%.cmd : .l
%User: .squidly1
%Password: .squidly1
%Welcome back.squidly1.
%.cmd : .?
%a - new user
%l - login
%n - news
%m - maintenance
%q - quit
%? - print this message
%cmd : .n
%Welcome to our news bulletin board
%
%.5/21/2010 - Defcon qualifiers are underway.
%
%.5/18/2010 - It's Bob Randolph's birthday today, wish him well
% if you see him
%
%.5/16/2010 - It's IBM old timer's night at the bowling alley.
% The key thing to remember at these things is that:
% .once upon a time IBM ruled the world.
%
%.4/29/2001 - First post| w00t|
%
%.cmd : .

Write-up: Squidz-R-Us