FindAndOpen
Author: Mubarak Mikail | 200 points
Last updated
Author: Mubarak Mikail | 200 points
Last updated
Someone might have hidden the password in the trace file.
Find the key to unlock this file. This tracefile might be good to analyze.
For this challenge we are given two files: one PCAP and one ZIP file.
It appears we are suppose to find the password for the zip file somewhere within the pcap. The pcap is pretty small thankfully, only 69 packets.
Upon examining the first few Ethernet frames we are given a hint.. or a tease:
After examining the data of the other frames we are given more hints:
Around these frames are 26 mDNS (multicast DNS) packets. Multicast DNS is pretty much regular DNS but for smaller networks where, instead of querying a name server, all participants in the network are directly addressed.
Investigating the mDNS queries and responses, I coudn't find anything interesting so I pivoted back to the Ethernet frames.
Some of the data from the frames I noticed, appeared to be Base64. Therefore I decoded the text.
Using this, we can try to unlock the zip file. picoCTF{R34DING_LOKd_
The flag is picoCTF{R34DING_LOKd_fil56_succ3ss_b98dda6a}