CTF, Wargame,

ASIS CTF – simple pcap «spcap» writeup

A simple task named spcap (simple pcap). We open it with wireshark and get the Statistics->Conversations. Some SSH, HTTP on it. Apply this filter on HTTP:

ip.addr== && tcp.port==52694 && ip.addr== && tcp.port==80

We notice that if we follow TCP stream there’s a GET request file called «/files/flag.jpg», so we have to get it.



The last step is recover the file from pcap with File->Export->Objects->HTTP and select the file:



Flag is on this file:



Flag: ASIS_de67c0eafdd76d7b38f67f7a458a83a1

No hay contenido relacionado



septiembre 1, 2013

ah, sorry didn’t see that one during the competition – thanks for the nfo on the pcap challenge :)


septiembre 1, 2013

Thanks for the write-up. I think this challenge may have been simplified during the contest. I had a no GET /files/flag.jpg but instead a number of files in the following format: /files/1e13be50f05092e2a4e79b321c8450d4. combining them didn’t seem to produce much so i was stuck. Anybody solve the non-simple version of this?



septiembre 1, 2013

Thanks for comment. I think challenge you mention is pcap (there are 3 pcap challenge, spcap, pcap and pcaps, this one no one solve it!).
On the second pcap there are 52 tcp streams and one of them has this text:
I need secret key
secret key will be sent on 6 parts
secret key : part 1 is M)m5s6S
did you received part 1 of secret key?
yes please send part 2
part 2 of secret key is ^[>@#
I recieved part 2
ok. please send me the other parts too
part 3 of secret key is Q3+1
did you received part 3?
are you ready to receive part 4?
yes, please send
part 4 is 0PD.
ok. i received part 4
Please send me part 5
part 5 of secret key is KE#cy
I received part 5
part 6 of secret key is PsvqH
ok. I received all parts of secret key.

Later, you got to download and concatenate files to a a 7z that contains an image with the flag (7z password protected with («M)m5s6S^[>@#Q3+10PD.KE#cyPsvqH») password ) :-)

Leave a Reply

Este sitio usa Akismet para reducir el spam. Aprende cómo se procesan los datos de tus comentarios.