Tags: scapy pcap scripting
Rating:
This challenge involved a pcap file that contained ICMP 26,682 packets, all with src/dst IPs of 127.0.0.1
-----
[]
-----
Scrolling through the packets, some of the packets had a lot of trailing trailing characters that were the same. I created a script to see if there was any pattern that emerged.
-----
```
#!/usr/bin/env python3
from scapy.all import *
packets = rdpcap('loopback.pcap')
rawlist = []
for i in packets:
x = str(i[Raw].load)
for k in range(5,8):
if x[-k] == x[-8]:
rawlist.append(x[-8])
flag = ""
new_rawlist = rawlist[::6]
for letter in new_rawlist:
flag += str(letter)
print("The flag is: " + flag)
```
-----
This output the following:
-----
```
The TestFlag is: PPPPPPNNNNNNGGGGGGrrnnnnrrIIIIIIHHHHHHDDDDDDRRRRRRrrrrrrqqqqqq888888ggggggAAAAAAMMMMMMAAAAAAaaaaaa ccccccHHHHHHRRRRRRMMMMMMzzzzzz&&&&&&uuuuuu000000``````::::::ppppppQQQQQQ<<<<<
