CTT23{xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}
- First, Let open the pcap file with wireshark and analyze it with
Statistics > Protocol Hierarchy.
- It look like there is a lot of HTTP request, so export the HTTP data/files with
File > Export Objects > HTTP.
- We found 16.9b8bb247b8364bfb9a03ed9768c66376.message, so let save it.
- We don't know what kind of file this is. So use the file command to see what file it is.
file 16.9b8bb247b8364bfb9a03ed9768c66376.messageAnd we know that it is a PNG image file.
- We changed the file extension to png.
mv 16.9b8bb247b8364bfb9a03ed9768c66376.message > message.png- And we got message.png.
But really hard to scan, because the finder pattern is missing.
- So we add a clear finder pattern to the image.
-
After we scan the QR code, we got the website
http://bit.ly/ctt23. -
When we visit the website, we got
CTT23{Th3_g00d_inv3st1g@t0r}.







