Rating:
## PAIN IN THE ASS ##
![alt text](https://www.0xbluesky.io/CTF/WRITEUP/sharkyctf/painInTheAss1.jpg "Challenge")
The given file "pain-in-the-ass.pcapng" is a TCP-IP packet capture and can be opened using WireShark.
And this capture shows that a hacker is trying to exploit an SQL injection(SQLi) vulnerability.
To obtain the different queries sent by the hacker, we have to filter them like this :
```
1. Make a Wireshark filter : "pgsql.type == "Simple query";
2. Select one of the packets;
3. Then right click on it;
4. And choose the option Follow > TCP.stream.
```
![alt text](https://www.0xbluesky.io/CTF/WRITEUP/sharkyctf/painInTheAss2.jpg "Challenge")
Each time that a letter is found and valid, the following message occurs :
![alt text](https://www.0xbluesky.io/CTF/WRITEUP/sharkyctf/painInTheAss3.jpg "Challenge")
And by repeating this process all over the messages, we can get the final flag :
**shkCTF{4lm0st_h1dd3n_3xtr4ct10n_0e18e336adc8236a0452cd570f74542}**