Tags: strings pcap forensics wireshark 

**The flag was just encoded in base64; `strings` is enough to get it.**

Flag : HTB{0k_n0w_3v3ry0n3_h4s_t0_dr0p_0ff_th3ir_l3tt3rs_4t_th3_p0st_0ff1c3_4g41n}
```
┌──(kali㉿kali)-[~/HTBCTF/forensic/forensics_baby_apt]
└─$ strings -n 100 christmaswishlist.pcap|grep -i cmd|grep echo|cut -d "+" -f6|base64 -d

HTB{0k_n0w_3v3ry0n3_h4s_t0_dr0p_0ff_th3ir_l3tt3rs_4t_th3_p0st_0ff1c3_4g41n}
```
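
The same pipeline stage by stage, as an added Python example that is not part of the original writeup. The sample bytes and `SAMPLE_SECRET` are constructed for illustration and do not reproduce the traffic in `christmaswishlist.pcap`; the function names are hypothetical.

```python
import base64
import binascii
import re

# Constructed sample: binary noise around one long printable request body.
SAMPLE_SECRET = b"constructed-sample-value"
SAMPLE_CAPTURE = (
    b"\xd4\xc3\xb2\xa1\x02\x00\x04\x00"
    b"cmd echo short\x00\x01"  # too short for -n 100, so it is ignored
    b"POST /upload.php HTTP/1.1\r\n\r\n"
    b"cmd=sh+-c+true+%26%26+echo+" + base64.b64encode(SAMPLE_SECRET)
    + b"+%3E+%2Ftmp%2Fconstructed_sample.txt&pad=" + b"A" * 40 + b"\x00\xff"
)


def printable_runs(data, min_len=100):
    """Like `strings -n min_len`: runs of printable ASCII (plus tab)."""
    pattern = re.compile(rb"[\x20-\x7e\t]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def decode_echo_payloads(data, min_len=100, field=6):
    """Mirror `grep -i cmd | grep echo | cut -d "+" -f6 | base64 -d`."""
    decoded = []
    for line in printable_runs(data, min_len):
        # grep -i cmd is case-insensitive, grep echo is case-sensitive.
        if "cmd" not in line.lower() or "echo" not in line:
            continue
        fields = line.split("+")  # '+' is how a space is form-encoded
        if len(fields) < field:
            continue
        try:
            # Strict decoding skips tokens that are not valid base64,
            # where `base64 -d` would emit garbage or an error.
            decoded.append(base64.b64decode(fields[field - 1], validate=True))
        except (binascii.Error, ValueError):
            continue
    return decoded


if __name__ == "__main__":
    for payload in decode_echo_payloads(SAMPLE_CAPTURE):
        print(payload.decode("utf-8", errors="replace"))
```

Splitting on `+` only works while the base64 token itself contains no `+`; URL-decoding the parameter first is the more robust approach for arbitrary payloads.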