PicoCTF-2019 Writeup
Search
K

WebNet0

Problem

We found this packet capture and key. Recover the flag. You can also find the file in /problems/webnet0_0_363c0e92cf19b68e5b5c14efb37ed786.

Solution

  1. 1.
    Open in Wireshark
  2. 2.
    Go to Edit > Preferences > Protocols > TLS > RSA keys list
  3. 3.
    Add the key to the list (don't worry about ip and other columns)
  4. 4.
    Flag is in decrypted TLS section of the now visible HTTP packets
    HTTP/1.1 200 OK
    Date: Fri, 23 Aug 2019 15:56:36 GMT
    Server: Apache/2.4.29 (Ubuntu)
    Last-Modified: Mon, 12 Aug 2019 16:50:05 GMT
    ETag: "5ff-58fee50dc3fb0-gzip"
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Encoding: gzip
    *Pico-Flag: picoCTF{nongshim.shrimp.crackers}*
    Content-Length: 821
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/html

Flag

picoCTF{nongshim.shrimp.crackers}
Previous
Investigative Reversing 4
Next
B1g_Mac
Last modified 2yr ago