Tags: ftp pcap 

### Write up

The given file is a pcap, so open it in Wireshark. The packets show only one main service: FTP. The server name is 'vsFTPd' and the version is '2.3.4'. The first command the attacker runs is 'id'. Joining the three values with underscores and taking the MD5 gives:
```bash
echo -n vsFTPd_2.3.4_id | md5sum # a806fef72a92508b7a64776bb83ad4cb
```
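
The same steps can be scripted once the TCP streams are exported as text. The following is an added example, not part of the original writeup: the stream contents are constructed samples, and the function names and the assumption that the attacker's commands appear as plain-text lines in their own stream are mine.

```python
import hashlib
import re

# Constructed sample payloads, tagged by sender, in the order a
# "Follow TCP Stream" view would list them. Not the challenge capture.
CONTROL_STREAM = [
    ("server", b"220 (vsFTPd 2.3.4)\r\n"),
    ("client", b"USER anonymous\r\n"),
    ("server", b"331 Please specify the password.\r\n"),
    ("client", b"PASS guest\r\n"),
]
# Assumption: the attacker's commands are plain-text lines in a separate stream.
COMMAND_STREAM = [
    ("server", b""),
    ("client", b"\nid\n"),
    ("server", b"uid=0(root) gid=0(root)\n"),
    ("client", b"whoami\n"),
]

# FTP greeting: reply code 220, then "<name> <version>", optionally in parentheses.
BANNER_RE = re.compile(rb"^220[ -]\(?(\w+) (\d+(?:\.\d+)*)")


def parse_banner(stream):
    """Return (service name, version) from the first server 220 greeting."""
    for sender, payload in stream:
        match = BANNER_RE.match(payload) if sender == "server" else None
        if match:
            return match.group(1).decode(), match.group(2).decode()
    raise ValueError("no 220 greeting with a name and version found")


def first_client_command(stream):
    """Return the first non-empty line sent by the client."""
    for sender, payload in stream:
        if sender != "client":
            continue
        for line in payload.splitlines():
            if line.strip():
                return line.strip().decode("ascii", "replace")
    raise ValueError("client sent no command")


def build_flag(control, commands):
    """Join name, version and first command with '_' and wrap the MD5."""
    name, version = parse_banner(control)
    preimage = f"{name}_{version}_{first_client_command(commands)}"
    digest = hashlib.md5(preimage.encode()).hexdigest()
    return preimage, f"n00bz{{{digest}}}"


if __name__ == "__main__":
    print(*build_flag(CONTROL_STREAM, COMMAND_STREAM))
```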

### Flag - n00bz{a806fef72a92508b7a64776bb83ad4cb}

Original writeup (https://github.com/n00bzUnit3d/n00bzCTF2023-OfficalWriteups/tree/master/Forensics/Hecked).