Skip to content

02

Directory actions

More options

Directory actions

More options

Latest commit

 

History

History

02

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
write-ups
write-ups
 
 
TheSecretMessage.zip
TheSecretMessage.zip
 
 
readme.md
readme.md
 
 

readme.md

Write-ups for TCTT2023/Network/02

Flag pattern

CTT23{xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}

Challenge Files

TheSecretMessage.zip

Solution

  1. In this PCAP file there are very few packets, we just lookin into packet no.2 .

wireshark_result_1

We can see the PK in the content which is the header of the zip file.

  1. We copy the zip content of the packet in hex.
50 4b 03 04 14 00 00 00 08 00 aa 9d 1a 57 a1 8b
85 3f ad 01 00 00 bc 01 00 00 08 00 00 00 66 6c
61 67 2e 7a 69 70 75 90 5b 28 bb 71 1c c6 7f ef
fe ef fe 93 cc 4a b3 89 8d 99 f3 61 24 2e 94 b4
30 b5 8c da d6 44 0e cd 24 33 96 b6 c9 61 73 21
9b 86 94 37 29 f2 e6 7c 96 6c 8e 45 21 4b 0e 25
21 33 76 b1 a4 68 48 89 92 39 7b 1b 25 17 9e 6f
df e7 a9 a7 cf d5 c3 e7 fd 83 c9 00 00 17 d0 df
e3 9d c5 81 6f 27 82 21 00 58 d8 bb 60 6d b1 5c
22 8d d2 c8 14 95 08 9b 8b 53 92 b7 4e 33 f5 79
fe a8 92 93 9a cf f0 a4 16 11 e9 49 22 e9 7c fe
3a 51 d0 c6 09 1a 86 85 fe f3 f1 30 45 26 60 b9
a7 a5 10 0f f6 0b ea 18 83 5a d5 f4 9a b6 7c 9b
29 6a d0 d3 c2 5f 1b 2f 99 0e bb 3d ac 49 77 ba
55 8b 3c 9e dd d5 88 5b a7 0c 32 18 c4 9c b4 a2
63 d1 b9 73 31 09 68 b7 5a 2b 9c 14 9b 1f bc 3b
8f 2d 8f 8d 4a 6a 80 cd 32 52 3d 75 4f 47 19 a3
71 8b 72 84 f6 62 76 74 18 8c 9b 29 be 04 6b 6c
c5 33 93 c7 45 fa 2e 0a 9f 8d 26 c5 f8 58 86 db
13 fd 10 b5 b1 df ea ab a2 a9 7b e9 72 7c fb 72
e2 08 cd 31 2b 24 d9 43 74 fa 25 75 e9 d0 1c 4b
4d 55 84 86 35 ef d0 05 5c 0f 9b 09 71 5f 98 29
ab 28 39 bf ba b1 a8 ce c8 19 ab 77 11 ef d3 e2
23 a9 06 31 dc f7 6a 32 7b ac 85 b5 6f 2b 1f 52
92 79 6d 26 fb 28 54 a4 11 43 f8 b6 64 56 97 a9
05 d6 05 2f 4a 28 4d 14 23 49 a7 1a d8 19 cc 91
10 36 22 af 11 dc 2e c4 e7 41 38 36 f8 6b cd 40
f0 25 86 d3 7f b6 75 fd 6e 20 e0 05 a2 36 08 7e
3e 27 56 8c ff 2d 3e 0f ff df c9 60 97 83 65 ba
93 f8 04 50 4b 01 02 3f 00 14 00 00 00 08 00 aa
9d 1a 57 a1 8b 85 3f ad 01 00 00 bc 01 00 00 08
00 24 00 00 00 00 00 00 00 20 00 00 00 00 00 00
00 66 6c 61 67 2e 7a 69 70 0a 00 20 00 00 00 00
00 01 00 18 00 59 40 c2 2b 1b d8 d9 01 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 50 4b 05
06 00 00 00 00 01 00 01 00 5a 00 00 00 d3 01 00
00 00 00 0d 0a

  • Or you can only remove hex before 50 4b 03 and after 00 0d 0a

  • Or you can save all the content and remove it with hex editor.

  1. I use online hex editor to paste the hex and save it into secret.zip

hex_editor_01

hex_editor_02

hex_editor_03

  1. Unzip the file and we got flag.txt

flag_file

  1. cat the flag file and we got ==QflRGMDNDRf50XlxWam9FUANEUfp1M7NjMUR1Q

  2. Reverse it, and decode with BASE64

decode

  1. The result is CTT23{3Z_PC@P_file_N_D3C0de}