easy-pcap

forensics challenge

given a pcap file

then I export HTTP object, then I got these files

then I cat all receive files

I see here there's a few base64 string and a hex. Then I decrypt all base64 strings

Then I got these two strings. Then I convert the hex to ascii and got this

I got the first part of the flag. Then proceed to investigate other files

The send files doesn't seem too interesting. How about the last file

hmmm it's a png file, interesting. So I opened the png file

I see this is a kuroko no basuke image. then I proceed to use stegsolve on it

I got the second part of the flag. Then I proceed to investigate this picture further

there's a file inside this png file. Then I extract it using binwalk then got these two files.

then I extract the 7zip file using ilovekuroko as the password

all the extracted files went to bomb folder

the bomb folder seemingly just a bunch of strings to make it confusing. but there's a secret file amidst all of this

then I got the last part of the flag

Last updated 11 days ago