InfoSec Institute CTF Challenge #6

Another day,. another challenge…

Today’s challenge will be on the InfoSec Institute CTF Challenge #6.

See scenario below:

infosec_6_intro

Doing a page source we see the following:

infosec_6_pagesource

We see that there’s a pcap file if we select yes.

Opening Wireshark (which can be downloaded HERE)

We see the following:

infosec_6_wireshark

Wireshark is a program that is used to analyze network traffic. Most of the traffic in this file can be ignored as there is a lot of noise that is being displayed.

Looking at the first packet (UDP) we see the following:

infosec_6_udp_packet

We noticed there are a bunch of letters… possibly this is hexadecimal encoding?

Going to Google and searching for “hexadecimal decoding” we see the following link as the first result.

Clicking on the link and typing in the encoding we get the following:

infosec_6_finished

 

We found the flag!

Lessons learned:

  1. Download Wireshark!
  2. Inspect the packets, and pay attention to those that stand out. Usually the suspicious packets hold clues!
  3. These clues won’t give us the pot of gold on the first try. Most of the data will be obscured. So we will need to encode or decode the data
  4. Once we encode or decode usually the data will be there!

FYI – thenewboston on Youtube has a good beginner tutorial on Wireshark. Which can be found HERE.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s