Rating:
![](https://i.ibb.co/Kmh18mK/Selection-033.png)
The file in the link is called find-me.pcapng which is a wireshark format.
So let's load up the file and look what we get:
![](https://i.ibb.co/4pmXZnh/Selection-034.png)
We can see that there were multiple connections to the knightctf domain, always prefixed by seemingly random letters. There are not too many of them so just extracting them manually gives us:
> VVBCTHtvMV9tcjNhX2VuMF9oazNfaTBofQ==
The == at the end hints towards it being a Base64 string so let's head over to cyberchef and decode from Base64:
> UPBL{o1_mr3a_en0_hk3_i0h}
The {} hints at the encoding being correct but it is still scrambled. The tasks mentions "Sir viginere" so it should be a Viginere cipher. Let's head over to: https://www.dcode.fr/vigenere-cipher We know that "KCTF" should be in the flag so let's check the option "Knowing a plaintext word"
![](https://i.ibb.co/ZXd1DkS/Selection-038.png)
We can see that the key "KNIGHE" gives a good but still unreadable result. Let's try KNIGHT:
![](https://i.ibb.co/ypMd9d0/Selection-039.png)
Tadaa. 300 points, maybe a bit overvalued.