H4CK1T CTF 2016: Greenland – 7r0ubl3 (200 points)

Description

Our network has been compromised! Find out what information the attackers might have gained access to.

Solution

Attached was a .pcap file. An easy way to get any interesting files out of the pcap is the tool foremost. It carves files by searching through the input for byte sequences that match the headers and footers of specific file types. Let’s try it out:

The output of the command I ran above will now be in the ./output directory. Below, you can see that the directory contains a subdirectory for each of the file types foremost thinks it has found.

Let’s go to the zip directory, which I know is the one we are looking for right now, and look at its contents.

There appears to be a ZIP archive, which we will of course try to extract.

That’s interesting! There is a file called secret.tar in the ZIP archive. Let’s extract!

It appears to contain a file called secret.txt, which we will look at below:

Those are definitely hexadecimal strings, so it might be good to try decoding them to ASCII.

That’s it. The flag is h4ck1t{s0_34sY_Fl4g_huh}.
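The whole chain above (header/footer carving, then ZIP, then secret.tar, then secret.txt, then hex decoding) can be reproduced in a few lines of Python. This is an added example, not code from the original write-up: the function names are hypothetical, and the input is a constructed byte blob with a placeholder message rather than the challenge capture.

```python
import io
import struct
import tarfile
import zipfile

LOCAL_HEADER = b"PK\x03\x04"  # signature that opens a ZIP local file entry
EOCD = b"PK\x05\x06"  # ZIP footer: 22 fixed bytes, last two = comment length

def is_intact(candidate):
    """True if the carved bytes open as a ZIP and every member passes its CRC."""
    try:
        with zipfile.ZipFile(io.BytesIO(candidate)) as zf:
            return zf.testzip() is None
    except zipfile.BadZipFile:
        return False

def carve_zips(blob):
    """Header/footer carving: return each byte range that is a complete ZIP."""
    carved, start = [], blob.find(LOCAL_HEADER)
    while start != -1:
        eocd = blob.find(EOCD, start)
        if eocd == -1 or eocd + 22 > len(blob):
            break
        end = eocd + 22 + struct.unpack_from("<H", blob, eocd + 20)[0]
        if is_intact(blob[start:end]):
            carved.append(blob[start:end])
            start = blob.find(LOCAL_HEADER, end)
        else:
            start = blob.find(LOCAL_HEADER, start + 1)
    return carved

def unwrap(zip_bytes):
    """Follow the ZIP -> secret.tar -> secret.txt -> hex chain from the write-up."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        tar_bytes = zf.read("secret.tar")
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tf:
        hex_text = tf.extractfile("secret.txt").read().decode("ascii")
    return bytes.fromhex("".join(hex_text.split())).decode("ascii")

def build_sample(message):
    """Constructed stand-in for the capture: junk bytes around a nested archive."""
    payload = message.encode("ascii").hex().encode("ascii")
    tar_buf, zip_buf = io.BytesIO(), io.BytesIO()
    with tarfile.open(fileobj=tar_buf, mode="w") as tf:
        info = tarfile.TarInfo("secret.txt")
        info.size = len(payload)
        tf.addfile(info, io.BytesIO(payload))
    with zipfile.ZipFile(zip_buf, "w") as zf:
        zf.writestr("secret.tar", tar_buf.getvalue())
    return b"\x00junk-before" + zip_buf.getvalue() + b"junk-after\xff"
```

Carving a capture directly only yields an intact archive when the file's bytes sit contiguously in the pcap. A file split across several packets is interleaved with packet headers and will fail the CRC check in `is_intact`, in which case the TCP stream has to be reassembled first.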
