Rating:

Easy Trade

PROBLEM

We just intercepted some newbies trying to trade flags.

Author: bibiwars foren_trade

SOLUTION

Opening the file in wireshark we see that there's quite a few protocols but we focused on the TCP.

I randomly followed a TCP protocol in starting and it said

give me the key
Okay, listen on 4444 for the flag

alt text

So I decided to follow the TCP on port 4444 and we see that there is some zip data. We the hex values in a file.

alt text

Then

>>> xxd -r -p file > for.zip

This will form the zip file but the file is password protected. First I thought of running John on it but then I decided to look into the remaining TCP packets and there I found the password.

alt text

There you'll find the base64 of the flag

c2VjdXJpbmV0c3s5NTRmNjcwY2IyOTFlYzI3NmIxYTlmZjg0NTNlYTYwMX0

Decode it

echo "c2VjdXJpbmV0c3s5NTRmNjcwY2IyOTFlYzI3NmIxYTlmZjg0NTNlYTYwMX0" | base64 -d
securinets{954f670cb291ec276b1a9ff8453ea601}

FLAG - securinets{954f670cb291ec276b1a9ff8453ea601}

Original writeup (https://github.com/mzfr/ctf-writeups/tree/master/Securinets_Prequals_2K19/Forensic/Easy_trade).