# basic coms (forensics, 50p, 170 solved)

## Description

```
Look for it and you shall find the flag.

Flag format: CTF{sha256}
```

In the task we get a 60MB pcap file (not attached).

## Task analysis

We drop the file into NetworkMiner for initial inspection.
There are some `Parameters` extracted so we look there and we can see:

```
/?important=The%20content%20of%20the%20f%20l%20a%20g%20is%20ca314be22457497e81a08fc3bfdbdcd3e0e443c41b5ce9802517b2161aa5e993%20and%20respects%20the%20format
```

So the message is:

```
The content of the f l a g is ca314be22457497e81a08fc3bfdbdcd3e0e443c41b5ce9802517b2161aa5e993 and respects the format
```

And flag is: `CTF{ca314be22457497e81a08fc3bfdbdcd3e0e443c41b5ce9802517b2161aa5e993}`

Original writeup (https://github.com/TFNS/writeups/tree/master/2020-12-05-DefCampCTF/basiccoms).