You have been assigned the task of conducting a Vulnerability Assessment for a network. A file containing a list of over 5000 IP addresses has been provided. This list includes a mix of valid IP addresses, invalidly formatted IP addresses, IPv6 addresses, short-hand IPv6 notations, and even some with evasive gibberish data.

Your mission is to identify and flag the malicious IP addresses falling into the two specific categories below:

1. **IPv4 addresses starting with "99.8."**
These have been identified as IPs of threat actors.

2. **IPv6 addresses that match the pattern "2610:a1:*:*:*"**
These have been identified as IPs of C2 servers.

After identifying these IP addresses, your next task is to capture the last character of each IP address in their original order of appearance in the file. These characters will be used to form the Flag in the following example format: `HQ8{IP_characters}`.

**Note:** Include the script developed to solve this task in the report.

Answer:

Python script that identifies malicious IPv4 addresses starting with "99.8." and IPv6 addresses matching the pattern "2610:a1:\*:\*:\*", capturing the last character of each to form the Flag in the format `HQ8{IP_characters}`.

```python
import socket

# Packed form of the first two groups of 2610:a1:* (a1 is short for 00a1)
C2_PREFIX = bytes.fromhex("261000a1")

def is_valid_ipv4(ip):
    # Exactly four decimal octets, each 0-255. The isascii()/isdigit() checks
    # reject gibberish before int() can raise ValueError.
    parts = ip.split('.')
    return len(parts) == 4 and all(
        part.isascii() and part.isdigit() and 0 <= int(part) <= 255
        for part in parts
    )

def is_valid_ipv6(ip):
    try:
        # Using inet_pton to validate IPv6 format (short-hand "::" included)
        socket.inet_pton(socket.AF_INET6, ip)
        return True
    except (OSError, ValueError):
        return False

def identify_malicious_ips(ip_list):
    malicious_ipv4 = []
    malicious_ipv6 = []
    in_order = []  # every match, in original order of appearance in the file
    for ip in ip_list:
        if ip.startswith("99.8.") and is_valid_ipv4(ip):
            malicious_ipv4.append(ip)
            in_order.append(ip)
        # Compare the packed bytes rather than the text, so short-hand and
        # upper-case spellings of the 2610:a1: prefix are matched as well
        elif is_valid_ipv6(ip) and \
                socket.inet_pton(socket.AF_INET6, ip)[:4] == C2_PREFIX:
            malicious_ipv6.append(ip)
            in_order.append(ip)
    return malicious_ipv4, malicious_ipv6, in_order

def capture_last_character(ip_list):
    return [ip[-1] for ip in ip_list]

# Example usage
if __name__ == "__main__":
    # Assuming ip_addresses.txt contains the list of IPs, one per line
    with open("ip_addresses.txt", "r") as file:
        ip_addresses = [line.strip() for line in file]

    malicious_ipv4, malicious_ipv6, in_order = identify_malicious_ips(ip_addresses)

    # Capture the last character of each identified IP, in file order
    flag_characters = capture_last_character(in_order)

    # Form the Flag
    flag = "HQ8{" + ''.join(flag_characters) + "}"

    print("Malicious IPv4 Addresses:", malicious_ipv4)
    print("Malicious IPv6 Addresses:", malicious_ipv6)
    print("Flag:", flag)
```

The script utilizes Python to identify malicious IPv4 and IPv6 addresses from a given list, capturing the last character of each to construct a Flag in the format `HQ8{IP_characters}`.
