![alt text](https://www.0xbluesky.io/CTF/WRITEUP/sharkyctf/painInTheAss1.jpg "Challenge")

The given file "pain-in-the-ass.pcapng" is a TCP-IP packet capture and can be opened using WireShark.
And this capture shows that a hacker is trying to exploit an SQL injection(SQLi) vulnerability.
To obtain the different queries sent by the hacker, we have to filter them like this :

1. Make a Wireshark filter : "pgsql.type == "Simple query";
2. Select one of the packets;
3. Then right click on it;
4. And choose the option Follow > TCP.stream.

![alt text](https://www.0xbluesky.io/CTF/WRITEUP/sharkyctf/painInTheAss2.jpg "Challenge")

Each time that a letter is found and valid, the following message occurs :

![alt text](https://www.0xbluesky.io/CTF/WRITEUP/sharkyctf/painInTheAss3.jpg "Challenge")

And by repeating this process all over the messages, we can get the final flag :

Original writeup (https://www.0xbluesky.io/CTF/WRITEUP/Sharkyctf2020.html#PAIN-IN-THE-ASS).