From b2a37fa868d86d5bd332bba07aed76112e7940cf Mon Sep 17 00:00:00 2001
From: Alex Wichmann <VisualBean@users.noreply.github.com>
Date: Fri, 9 Dec 2022 08:19:08 +0100
Subject: [PATCH] Create README.md

---
 reversing/banke-paa/README.md | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 reversing/banke-paa/README.md

diff --git a/reversing/banke-paa/README.md b/reversing/banke-paa/README.md
new file mode 100644
index 0000000..dfa7010
--- /dev/null
+++ b/reversing/banke-paa/README.md
@@ -0,0 +1,28 @@
+# Assignment
+Det er nissen der står herude og banker på.
+
+You get 2 files;
+* banke-paa
+* banke-paa.pcapng
+
+the first file is an elf-file, so we try to run it
+`./banke-paa [kodeord [ip adresse]`
+
+The pcap files contains a lot of icmp packets, probably references by the "banker" part of the assignment.
+we know that flags start med `nc3{` so we try that towards `127.0.0.1` which is the ip address of the icmp packets
+
+it spits out
+```
+Knock: 31357
+Knock: 31415
+Knock: 31528
+Knock: 31361
+```
+
+which fits with the first 4 icmp packet, ports. - we are on to something.
+Brute force to find the correct port and move on
+
+`./banke-paa 'nc3{julemanden banker aldrig paa!}' 127.0.0.1`
+
+# Flag
+nc3{julemanden banker aldrig paa!}