Shucks

Challenge Category: Forensics
Challenge Points: 500

Challenge Description

Find the fragments of a long-lost flag scattered across the network.

(Download Shucks.pcapng)

Solution

  1. Use tcpdump to print every packet's payload as ASCII (-A) and grep for the flag prefix, NYP.

     $ tcpdump -qns 0 -A -r Shucks.pcapng | grep NYP
     reading from file Shucks.pcapng, link-type EN10MB (Ethernet), snapshot length 262144
     <title>NYP InfoSec CTF</title>
     username=NYP%7Bpack&password=e7_dE7ec7ive%7D
     <title>NYP InfoSec CTF</title>

  2. The flag is split between the username and password form data. Strip the username= and &password= parameter names to join the two halves.

     $ tcpdump -qns 0 -A -r forensics_shucks.pcapng | grep NYP | sed 's/username=//; s/&password=//' | grep -o "^NYP.*$"
     NYP%7Bpacke7_dE7ec7ive%7D

  3. URL-decode the flag.

     $ tcpdump -qns 0 -A -r forensics_shucks.pcapng | grep NYP | sed 's/username=//; s/&password=//' | grep -o "^NYP.*$" | php -r 'echo urldecode(fgets(STDIN));'
     NYP{packe7_dE7ec7ive}
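The same three steps can be done by parsing the form body rather than stripping strings with sed, which also handles fields in any order and `+`-encoded spaces. This is an added example, not part of the original write-up; the function names are hypothetical and the sample input is constructed from the tcpdump output shown above.

```python
import re
import sys
from urllib.parse import parse_qsl

# A form-encoded body line: key=value pairs joined by '&', no spaces.
FORM_LINE = re.compile(
    r"^[A-Za-z0-9_.\-]+=[^&\s]*(?:&[A-Za-z0-9_.\-]+=[^&\s]*)*$"
)


def form_bodies(dump_text):
    """Yield decoded (key, value) lists for each form-encoded line in an ASCII dump."""
    for line in dump_text.splitlines():
        line = line.strip()
        if FORM_LINE.match(line):
            # parse_qsl percent-decodes values and turns '+' into a space.
            yield parse_qsl(line, keep_blank_values=True)


def reassemble(dump_text, fields=("username", "password")):
    """Concatenate the named fields of the first body that carries all of them."""
    for pairs in form_bodies(dump_text):
        values = dict(pairs)
        if all(name in values for name in fields):
            return "".join(values[name] for name in fields)
    return None


# Constructed sample: the matching lines from the write-up's tcpdump output.
SAMPLE = """\
<title>NYP InfoSec CTF</title>
username=NYP%7Bpack&password=e7_dE7ec7ive%7D
<title>NYP InfoSec CTF</title>
"""

if __name__ == "__main__":
    # Pass "-" to read `tcpdump -A` output from stdin; otherwise use the sample.
    text = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE
    print(reassemble(text))
```

The capture shows the login form being posted over cleartext HTTP, which is why the username and password fields are readable in the ASCII dump at all.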