🚩
Capture the Flag
  • Capture the Flag
  • PicoCTF
    • PicoCTF 2023
      • General Skills
        • chrono
        • money-ware
        • Permissions
        • repetitions
        • useless
        • Special
        • Specialer
      • Cryptography
        • HideToSee
        • ReadMyCert
        • rotation
        • PowerAnalysis: Warmup
      • Reverse Engineering
        • Ready Gladiator 0
        • Reverse
        • Safe Opener 2
        • timer
        • Ready Gladiator 1
      • Forensics
        • PcapPoisoning
        • hideme
        • who is it
        • FindAndOpen
      • Binary Exploitation
        • two-sum
      • Web Exploitation
        • MatchTheRegex
        • findme
Powered by GitBook
On this page
  • Description
  • Solution
  • Flag
  1. PicoCTF
  2. PicoCTF 2023
  3. Forensics

PcapPoisoning

Author: Mubarak Mikail | 100 points

PreviousForensicsNexthideme

Last updated 1 year ago

Description

How about some hide and seek heh?

Download this file and find the flag.

Solution

For this challenge we are given a pcap file and told to investigate it. Once we open the pcap file in Wireshark, we can see the majority of the data is from a root FTP login session.

After scrolling through the packet data we eventually come across a packet which contains the flag.

If the pcap was much larger, we could also have found the flag using the Find Packet (Ctrl+F) tool, specifying a search for packet bytes and using the string "pico" to search.

Flag

The flag found in the network traffic is picoCTF{P64P_4N4 L7S1S_SU55355FUL _31010c46}

FTP traffic
flag
Find Packet