FindAndOpen

~# cat Question

Someone might have hidden the password in the trace file. Find the key to unlock this file. This tracefile might be good to analyze.

FILES: flag.zip, dump.pcap

Trying to unzip flag.zip, we are prompted for a password. For this challenge, I assumed that the password would be hidden in the hexdump of the dump.pcap file. When we open dump.pcap in Wireshark and scroll through the packets, there is a lot of base64-encoded text in the hex dump. However, in packet 48 there is one fully encoded base64 string, while the rest were only halfway encoded.

We can put the base64-encoded text into a base64 decoder to get the password for the file. However, I just used the CLI decoder.

┌──(tev㉿kali)-[~/pico]
└─$ echo "VGhpcyBpcyB0aGUgc2VjcmV0OiBwaWNvQ1RGe1IzNERJTkdfTE9LZF8=" | base64 -d
This is the secret: picoCTF{R34DING_LOKd_
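
The manual scroll through the hex dump can also be scripted. The following is an added example, not part of the original write-up: it scans raw bytes for base64 runs and keeps only those that are well-formed and decode to printable text, which is what separates the complete string from the halfway-encoded ones. The function name and the sample bytes are constructed for illustration; for a real capture, pass the file's bytes instead, since a pcap stores packet payloads uncompressed.

```python
import base64
import binascii
import re

# Runs of base64 alphabet characters, optionally ending in padding.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")


def decode_complete_base64(data: bytes) -> list[str]:
    """Return the printable-ASCII decodings of well-formed base64 runs in data."""
    found = []
    for match in B64_RUN.finditer(data):
        run = match.group()
        if len(run) % 4:  # truncated or fragmentary run
            continue
        try:
            raw = base64.b64decode(run, validate=True)
        except binascii.Error:
            continue
        # Keep only results that look like text, which drops chance matches.
        if raw and all(32 <= b < 127 for b in raw):
            found.append(raw.decode("ascii"))
    return found


# Constructed sample, not bytes from dump.pcap: binary filler around a
# truncated run, a run that decodes to non-text, and the complete string
# quoted in the write-up.
SAMPLE = b"".join([
    b"\x00\x1c\x08\x00", b"VGhpcyBpcyB0aGUgc2VjcmV0OiBwaW", b"\x00\x00",
    b"\xd4\xc3\xb2\xa1", b"AAAAAAAAAAAAAAAAAAAA", b"\x00",
    b"\x08\x00",
    b"VGhpcyBpcyB0aGUgc2VjcmV0OiBwaWNvQ1RGe1IzNERJTkdfTE9LZF8=",
    b"\x00",
])

if __name__ == "__main__":
    for text in decode_complete_base64(SAMPLE):
        print(text)
```
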

Inputting this as the password of the zipped flag.zip will give us the flag.

┌──(tev㉿kali)-[~/pico]
└─$ unzip flag.zip
Archive:  flag.zip
[flag.zip] flag password: picoCTF{R34DING_LOKd_
 extracting: flag 

┌──(tev㉿kali)-[~/pico]
└─$ cat flag
picoCTF{R34DING_LOKd_fil56_succ3ss_419835ef}

Flag: picoCTF{R34DING_LOKd_fil56_succ3ss_419835ef}
