
PicoCTF Forensics [Easy]
Ph4nt0m 1ntrud3r
#tutorial
Challenge Details
Analysis and Solution
After downloading the file we can see that it is a pcap file. We can open it in Wireshark, a robust packet analysis tool, as shown.
We can see that the packets are not ordered: each packet has a different arrival time, and the frames in the capture do not follow any consistent time sequence.
Furthermore, in the image above we can see small amounts of base64-encoded data in the packets. To extract these strings we can use the strings command.
└─$ strings myNetworkTraffic.pcap
ezF0X3c0cw==
cGljb0NURg==
bnRfdGg0dA==
Yt8ksMM=
3psv5C4=
YQEFzIU=
YmhfNHJfOQ==
a23/UbI=
TOGSGg4=
bpzQ0R8=
fQ==
nfu4Vww=
J4auZMY=
ePRXDio=
fjIzQwk=
XThGxuE=
ckBkZLk=
CJr4oDk=
BgJLB0c=
XzM0c3lfdA==
NTlmNTBkMw==
dgV9v0s=
However, this output is not in order. To sort the payloads by the time at which they were sent we have to use tshark, the CLI-based packet analysis tool that ships with Wireshark.
└─$ tshark -r myNetworkTraffic.pcap -Y "tcp.len > 0" -T fields -e frame.time_epoch -e tcp.payload | sort -n | cut -f 2- | while read payload; do if [ -n "$payload" ]; then echo ${payload//:} | xxd -r -p; echo; fi; done
ePRXDio=
dgV9v0s=
nfu4Vww=
XThGxuE=
CJr4oDk=
TOGSGg4=
ckBkZLk=
YQEFzIU=
3psv5C4=
a23/UbI=
BgJLB0c=
Yt8ksMM=
fjIzQwk=
bpzQ0R8=
J4auZMY=
cGljb0NURg==
ezF0X3c0cw==
bnRfdGg0dA==
XzM0c3lfdA==
YmhfNHJfOQ==
NTlmNTBkMw==
fQ==
Submit the base64-decoded flag to complete the challenge!
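As an added example (not part of the original writeup), the same recovery in pure Python: a constructed libpcap file with shuffled timestamps is parsed, the TCP payloads are sorted by capture time like the tshark pipeline above, each is base64-decoded, and payloads that do not decode to printable text (filler such as ePRXDio=, which decodes to bytes outside ASCII) are set aside. The flag text, addresses and timestamps below are constructed placeholders, not the challenge's data.

```python
import base64
import struct

# Constructed sample data (not the challenge's capture): base64 fragments of a placeholder flag
FRAGMENTS = [b"ZXhhbXBsZXs=", b"b3JkM3JfYnk=", b"X3QxbTM=", b"fQ=="]  # "example{", "ord3r_by", "_t1m3", "}"
NOISE = b"ePRXDio="  # decoy: valid base64 that decodes to non-printable bytes, like the capture's filler
SHUFFLED = [(1700000003.2, FRAGMENTS[2]), (1700000000.5, NOISE), (1700000001.1, FRAGMENTS[0]),
            (1700000004.0, FRAGMENTS[3]), (1700000002.7, FRAGMENTS[1])]  # (epoch time, payload), out of order

def build_pcap(records):
    """Write a minimal libpcap file with one Ethernet/IPv4/TCP frame per (time, payload) pair."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header, linktype Ethernet
    for ts, payload in records:
        tcp = struct.pack("!HHIIBBHHH", 4444, 80, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + tcp
        frame = b"\x00" * 12 + b"\x08\x00" + ip  # zero MACs, EtherType IPv4
        out += struct.pack("<IIII", int(ts), int(ts % 1 * 1_000_000), len(frame), len(frame)) + frame
    return out

def tcp_payloads(pcap):
    """Yield (capture time, TCP payload) for each frame carrying data, i.e. tshark's tcp.len > 0."""
    pos = 24
    while pos < len(pcap):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", pcap, pos)
        frame = pcap[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen
        if frame[12:14] != b"\x08\x00" or frame[23] != 6:  # keep IPv4 frames carrying TCP only
            continue
        ihl = (frame[14] & 0x0F) * 4
        tcp = frame[14 + ihl:14 + struct.unpack_from("!H", frame, 16)[0]]  # bounded by IP total length
        payload = tcp[(tcp[12] >> 4) * 4:]  # skip the TCP header (data offset in 32-bit words)
        if payload:
            yield sec + usec / 1_000_000, payload

def recover(pcap):
    """Sort payloads by capture time, base64-decode each and keep printable text; return (text, decoys)."""
    readable, decoys = [], []
    for _, payload in sorted(tcp_payloads(pcap), key=lambda item: item[0]):
        try:
            decoded = base64.b64decode(payload, validate=True).decode("ascii")
        except ValueError:  # not valid base64, or (UnicodeDecodeError) not ASCII text
            decoys.append(payload)
            continue
        if decoded.isprintable():
            readable.append(decoded)
        else:
            decoys.append(payload)
    return "".join(readable), decoys
```

Calling `recover(build_pcap(SHUFFLED))` returns the reassembled placeholder flag and a list holding the single decoy payload; point `recover` at the bytes of a real capture file to apply the same ordering to it.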