Posts

Showing posts from February, 2020

rawSEC MINICON CTF 2020 PCAP 1 Challenge Write Up

Image
I had an opportunity to participate this CTF this time, I joined this CTF just for fun and to gain new knowledge along the way by completing some of the challenges. In this particular challenge, I'm using this tool to find the flag: Notepad++ Wireshark Microsoft Excel Python XLRD python library Command line First I load the PCAP_1.pcap to Wireshark. Scrolling through the packet capture file, I notice there is GET request from 172.16.236.163 to 69.172.200.235 which can be seen there is a key value and its look like a base64 string, so I try to export it if there is any object from HTTP protocol. To extract object in particular stream in the pcap file using Wireshark, you have to go to File > Export Objects > HTTP. Looking at the export object there is a lot of base64 string can be found, decoding this string one by one does not seem practical. Therefore, I save all the objects into designated folder first to extract the string. I create a fo...