
ASIS CTF – simple pcap «spcap» writeup


A simple task named spcap (simple pcap). We open it with Wireshark and look at Statistics->Conversations. There is some SSH and HTTP traffic in it. Apply this filter to isolate the HTTP conversation:

ip.addr==172.16.133.133 && tcp.port==52694 && ip.addr==172.16.133.149 && tcp.port==80

If we follow the TCP stream, we notice a GET request for a file called «/files/flag.jpg», so we have to get it.


The last step is to recover the file from the pcap with File->Export->Objects->HTTP and select the file:


The flag is in this file:


Flag: ASIS_de67c0eafdd76d7b38f67f7a458a83a1
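
The Export Objects step above can also be scripted. This is an added example, not part of the original writeup: it reassembles the server side of the filtered conversation and returns the HTTP body. The function names and the sample capture are constructed here, and it assumes a classic little-endian pcap with Ethernet/IPv4 frames and no sequence-number wraparound.

```python
import struct

def server_segments(pcap, server, sport, dport):
    """Yield (seq, payload) for TCP data sent by server:sport to port dport.
    Assumption: classic little-endian pcap, Ethernet/IPv4 (no pcapng, VLAN, IPv6)."""
    off = 24                                       # skip the pcap global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                               # not IPv4/TCP
        ihl = (frame[14] & 0x0F) * 4
        ip_len = struct.unpack_from("!H", frame, 16)[0]
        tcp = frame[14 + ihl: 14 + ip_len]         # ip_len trims Ethernet padding
        src_port, dst_port, seq = struct.unpack_from("!HHI", tcp)
        payload = tcp[(tcp[12] >> 4) * 4:]
        if (".".join(map(str, frame[26:30])), src_port, dst_port) == (server, sport, dport) and payload:
            yield seq, payload

def export_http_object(pcap, server="172.16.133.149", sport=80, dport=52694):
    """Reassemble the server's half of the stream and return (headers, body)."""
    segs = {}
    for seq, data in server_segments(pcap, server, sport, dport):
        segs.setdefault(seq, data)                 # keep first copy, drop retransmissions
    stream = b"".join(segs[s] for s in sorted(segs))   # assumes no wraparound or overlap
    head, _, body = stream.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            body = body[:int(value.strip())]
    return head.decode("latin-1"), body

def _pkt(src, dst, sport, dport, seq, data):       # builds one constructed pcap record
    ip = struct.pack("!BBHHHBBH4B4B", 0x45, 0, 40 + len(data), 0, 0, 64, 6, 0,
                     *map(int, (src + "." + dst).split(".")))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, 0x18, 8192, 0, 0)
    raw = b"\0" * 12 + b"\x08\x00" + ip + tcp + data
    return struct.pack("<IIII", 0, 0, len(raw), len(raw)) + raw

C, S = "172.16.133.133", "172.16.133.149"          # addresses from the display filter
JPEG = b"\xff\xd8\xff\xe0constructed-sample\xff\xd9"   # constructed stand-in for flag.jpg
RESP = b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n" % len(JPEG) + JPEG
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + _pkt(C, S, 52694, 80, 1, b"GET /files/flag.jpg HTTP/1.1\r\n\r\n")
          + _pkt(S, C, 80, 52694, 1031, RESP[30:])     # arrives out of order
          + _pkt(S, C, 80, 52694, 1001, RESP[:30])
          + _pkt(S, C, 80, 52694, 1001, RESP[:30])     # retransmission
          + _pkt(S, C, 80, 8080, 1, b"HTTP/1.1 404 Not Found\r\n\r\n"))  # other stream
```

On a real capture, read the file as bytes, pass it to `export_http_object`, and write the returned body to disk.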




3 Comments

na

September 1, 2013

ah, sorry didn’t see that one during the competition – thanks for the nfo on the pcap challenge :)

na

September 1, 2013

Thanks for the write-up. I think this challenge may have been simplified during the contest. I had no GET /files/flag.jpg but instead a number of files in the following format: /files/1e13be50f05092e2a4e79b321c8450d4. Combining them didn’t seem to produce much so I was stuck. Anybody solve the non-simple version of this?

Thanks

tunelko

September 1, 2013

Thanks for the comment. I think the challenge you mention is pcap (there are 3 pcap challenges: spcap, pcap and pcaps; this one no one solved!).
In the second pcap there are 52 TCP streams and one of them has this text:
Hi
hello
I need secret key
ok
secret key will be sent on 6 parts
secret key : part 1 is M)m5s6S
did you received part 1 of secret key?
yes please send part 2
part 2 of secret key is ^[>@#
I recieved part 2
ok. please send me the other parts too
part 3 of secret key is Q3+1
did you received part 3?
yes
are you ready to receive part 4?
yes, please send
part 4 is 0PD.
ok. i received part 4
Please send me part 5
ok
part 5 of secret key is KE#cy
I received part 5
part 6 of secret key is PsvqH
ok. I received all parts of secret key.
Thanx

Later, you have to download and concatenate the files into a 7z that contains an image with the flag (the 7z is password protected with the password «M)m5s6S^[>@#Q3+10PD.KE#cyPsvqH») :-)
