FM02 - 250pts
Last updated
Was this helpful?
Last updated
Was this helpful?
Download the file and find a way to get the flag. Contents: IRC-cap-vpn.pcapng
Challenge Files:
We can open the packet capture file in wireshark
and apply the irc
filter since the name of the file mentions irc.
Right click and follow the TCP stream to get the following ASCII output:
A file called file.7z
and a password TWFyaW9SdWxlejE5ODU=
are sent. The password is base64 for MarioRulez1985
.
We can search each TCP stream for the 7z
magic bytes, which are 37 7a bc af 27 1c
according to the , to find which steam contains the file. tcp.stream eq 79
contains the flag. We can follow the steam, change the "Show and save data as" option to Raw
, and then save the content to file.7z
.
Next, we extract file.7z
using the password we found earlier, MarioRulez1985
.
Finally, run strings Flag.nes
to get the flag.
NESted_in_a_PCAP