CTF, Wargame,

ASIS CTF – simple pcap “spcap” writeup

0
Shares


A simple task named spcap (simple pcap). We open it with wireshark and get the Statistics->Conversations. Some SSH, HTTP on it. Apply this filter on HTTP:

ip.addr==172.16.133.133 && tcp.port==52694 && ip.addr==172.16.133.149 && tcp.port==80

We notice that if we follow TCP stream there’s a GET request file called “/files/flag.jpg”, so we have to get it.

files_flag_wireshark

 

The last step is recover the file from pcap with File->Export->Objects->HTTP and select the file:

get_files_http

 

Flag is on this file:

flag

 

Flag: ASIS_de67c0eafdd76d7b38f67f7a458a83a1

No hay contenido relacionado