author | Malfurious <m@lfurio.us> | 2022-03-30 01:59:18 -0400 |
---|---|---|
committer | Malfurious <m@lfurio.us> | 2022-03-30 01:59:18 -0400 |
commit | 3cf310e2f2c308e544a5681a2ba711b2adb8680c (patch) | |
tree | e940b75a0fab67158e5dcc0f3a25d1a86d5f8acd /docs/writeups/picoCTF_2022/Eavesdrop.txt | |
parent | 6a617f6dea973862fc88fdbdbbf9c7afed44de62 (diff) | |
parent | b8fe6c1f444b017582d191cdbdb8bbd8357849c7 (diff) | |
download | lib-des-gnux-3cf310e2f2c308e544a5681a2ba711b2adb8680c.tar.gz lib-des-gnux-3cf310e2f2c308e544a5681a2ba711b2adb8680c.zip |
Merge branch 'malf-pico-2022'

* malf-pico-2022:
  picoCTF 2022 results
  Add signal and coredump tips to gdb document
  Add writeup for picoCTF 2022 / unpackme
  Add writeup for picoCTF 2022 / Eavesdrop
  Add writeup for picoCTF 2022 / Wizardlike
Diffstat (limited to '')
-rw-r--r-- | docs/writeups/picoCTF_2022/Eavesdrop.txt | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/docs/writeups/picoCTF_2022/Eavesdrop.txt b/docs/writeups/picoCTF_2022/Eavesdrop.txt new file mode 100644 index 0000000..a8b55a2 --- /dev/null +++ b/docs/writeups/picoCTF_2022/Eavesdrop.txt @@ -0,0 +1,48 @@ +Download this packet capture and find the flag. + +Category: forensics (300 points) +Chall author: LT 'syreal' Jones +Writeup author: malfurious + + + +Packet Capture Contents +----------------------- +We receive a pcap file. There is a bit of unrelated traffic, but two +conservations of interest: + + 1) A plaintext chat conversation between two parties on port 9001: + + Hey, how do you decrypt this file again? + You're serious? + Yeah, I'm serious + *sigh* openssl des3 -d -salt -in file.des3 -out file.txt -k supersecretpassword123 + Ok, great, thanks. + Let's use Discord next time, it's more secure. + C'mon, no one knows we use this program like this! + Whatever. + Hey. + Yeah? + Could you transfer the file to me again? + Oh great. Ok, over 9002? + Yeah, listening. + Sent it + Got it. + You're unbelievable + + 2) The transfer of the mentioned file, over port 9002: + + 00000000 53 61 6c 74 65 64 5f 5f 03 a9 15 e7 2c 0f b7 5f Salted__ ....,.._ + 00000010 35 2a da 1e 07 31 57 0d 63 6c af 9b 67 ac 26 48 5*...1W. cl..g.&H + 00000020 02 62 5a 94 48 b6 54 d1 ce 8a fb a4 dc ae 87 07 .bZ.H.T. ........ + +After saving the binary file contents to a local file, decrypt it using the +provided openssl command from the chat conservation. + + +> openssl des3 -d -salt -in file.des3 -out file.txt -k supersecretpassword123 +*** WARNING : deprecated key derivation used. +Using -iter or -pbkdf2 would be better. + +> cat file.txt +picoCTF{nc_73115_411_77b05957} |
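Review bot: "conservations" should read "conversations" in "two conservations of interest", and again in "the provided openssl command from the chat conservation". The step "After saving the binary file contents to a local file" also leaves out how the port 9002 payload was exported from the pcap; naming the tool or export option used, and noting that the saved file should be exactly the 48 bytes shown in the hex dump (starting with "Salted__"), would let a reader reproduce the step and check their extraction before running openssl. A one-line remark that the "deprecated key derivation" warning is expected here, because the decrypt command has to match the one given in the chat, would also help.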