180010027
/
CTFlearn-Writeups
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
CTFlearn Writeups
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
0 Tags
11 MiB
 
 
 
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
CTFlearn-Writeups/Forensics/A CAPture of a Flag
rishitsaiya 53fd30619d
Added CTFlearn writeups 		4 years ago
..
Base64.png Added CTFlearn writeups 4 years ago
HTTP.png Added CTFlearn writeups 4 years ago
README.md Added CTFlearn writeups 4 years ago
flag (4) Added CTFlearn writeups 4 years ago

README.md

A CAPture of a Flag

The main idea finding the flag is exploring the given PCAP file in Wireshark.

Step-1:

After downloading flag (4) (a PCAP file) from the cloud, I directly opened it in Wireshark application.

For those, who are unaware om how to filter streams or use this application, please do your homework here:

https://www.wireshark.org/

Step-2:

I tried to check TCP stream for some clues and then I tried UDP streams for some clues. Finally, I used the filter to get only HTTP requests.

Step-3:

I went through all requests and this request caught my eye. 247 2.270670 10.50.203.75 185.21.216.190 HTTP 504 GET /?msg=ZmxhZ3tBRmxhZ0luUENBUH0= HTTP/1.1

It has a Base64 encrypted message.

Step-4:

So finally, I decoded it online at: https://www.base64decode.org/

I got the flag there:

Voila, we have it here.

Step-4:

Finally the flag becomes: flag{AFlagInPCAP}