Skip to content

Latest commit

 

History

History

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 

readme.md

Write-ups for TCTT2023/Network/01

Flag pattern

CTT23{xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}

Challenge Files

Thepuzzle.zip

Solution

  1. First, Let open the pcap file with wireshark and analyze it with Statistics > Protocol Hierarchy.

wireshark_result_1

wireshark_result_2

  1. It look like there is a lot of HTTP request, so export the HTTP data/files with File > Export Objects > HTTP.

wireshark_result_3

  1. We found 16.9b8bb247b8364bfb9a03ed9768c66376.message, so let save it.

wireshark_result_4

  1. We don't know what kind of file this is. So use the file command to see what file it is.
file 16.9b8bb247b8364bfb9a03ed9768c66376.message

file_result

And we know that it is a PNG image file.

  1. We changed the file extension to png.
mv 16.9b8bb247b8364bfb9a03ed9768c66376.message > message.png
  1. And we got message.png.

message

But really hard to scan, because the finder pattern is missing.

qr_component

  1. So we add a clear finder pattern to the image.

message_with_finder_pattern

  1. After we scan the QR code, we got the website http://bit.ly/ctt23.

  2. When we visit the website, we got CTT23{Th3_g00d_inv3st1g@t0r}.