Tags: caploader forensics 

Rating: 1.0

# Naive Search
We first used CapLoader to search for common encodings of the flag header "CTF{":

![Search for Encoded Strings](search-encoded.png)

Clearly, there was an encoded representation of the flag in the packet capture. Next, we determined by elimination that the encoding was Base64, then sent the reassembled flow to a Base64 decoder to obtain the flag.
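The same search-then-decode idea in Python, as an added example that is not part of the original writeup and is not how CapLoader works internally. The Base64 text for "CTF{" changes with the marker's byte offset modulo 3, so the search needs three patterns; `b64_needles`, `find_encoded` and `SAMPLE_FLOW` are hypothetical names, and the sample flow and flag are constructed.

```python
import base64
import re

# Maximal runs of Base64 alphabet characters, with optional trailing padding.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]+={0,2}")

def b64_needles(marker: bytes) -> dict:
    """For each alignment k (marker offset mod 3) return (needle, first), where
    needle is the Base64 text fixed by marker alone and first is the index of
    its first character inside the aligned 4-character group."""
    out = {}
    for k in range(3):
        enc = base64.b64encode(b"\x00" * k + marker)
        first = -(-8 * k // 6)              # ceil(8k/6): first char with marker bits only
        last = 8 * (k + len(marker)) // 6   # floor: end of chars fully set by marker
        out[k] = (enc[first:last], first)
    return out

def find_encoded(blob: bytes, marker: bytes) -> list:
    """Decode every Base64 run in blob whose plaintext contains marker."""
    hits = []
    for run in B64_RUN.finditer(blob):
        text = run.group()
        for needle, first in b64_needles(marker).values():
            pos = text.find(needle)         # first occurrence per run is enough here
            if pos < 0:
                continue
            # Start decoding at a 4-character boundary consistent with this alignment.
            chunk = text[(pos - first) % 4:].rstrip(b"=")
            if len(chunk) % 4 == 1:         # a single leftover character cannot decode
                chunk = chunk[:-1]
            plain = base64.b64decode(chunk + b"=" * (-len(chunk) % 4))
            if marker in plain and plain not in hits:
                hits.append(plain)
    return hits

# Constructed sample flow (not from the challenge capture); the flag is made up.
SAMPLE_FLOW = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n\r\n"
               + base64.b64encode(b"id=7;CTF{constructed_flag}"))

if __name__ == "__main__":
    print(b64_needles(b"CTF{"))
    print(find_encoded(SAMPLE_FLOW, b"CTF{"))
```

Searching only for the Base64 of the bare string "CTF{" would miss two of the three alignments, which is why encoded-string searches generate one pattern per offset.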

Original writeup (https://github.com/h4x0r/ctf-writeups/blob/master/Google-CTF-2016/No-Big-Deal/README.md).