Rating:
## Networks/skat's Network History (44 solves)
Created by: `skat`
> "I love cats."
Note: this challenge is a continuation to Forensics/skat's SD Card. You are dealing with the same scenario. skats-sd-card.tar.gz is the same file from that challenge (SHA-1: 4cd743d125b5d27c1b284f89e299422af1c37ffc).
Looking at what were given, we have some 802.11 packets and we don't know the password, hashcracking was no good here so I went looking for a password.
Due to some recon from the home directory, this is likely a raspberry Pi. The Firefox data shows nothing of interest, the `Bookshelf` folder has a PDF for setting up a raspberry pi, so checking on the `/etc/NetworkManager` folder I see `system-connections` and then `skatnet.nmconnection`, which contains a WiFi password.
```
[connection]
id=skatnet
uuid=470a7376-d569-444c-a135-39f5e57ea095
type=wifi
interface-name=wlan0
[wifi]
mode=infrastructure
ssid=skatnet
[wifi-security]
auth-alg=open
key-mgmt=wpa-psk
psk=
[ipv4]
method=auto
[ipv6]
addr-gen-mode=default
method=auto
[proxy]
```
We get our password: `agdifbe7dv1iruf7ei2v5op`
I then go to my Wireshark preferences, then Protocols > IEEE 802.11 and Edit the Decryption keys to add `agdifbe7dv1iruf7ei2v5op` as a `wpa-pwd`.
I then go to Protocols > TLS and setting the (Pre)-Master-Secret log file to the other file we are given (`sslkeyfile`) allows us to read the HTTPS traffic.
Looking through the traffic, specifically HTTP/2, a URL catches my eye.
A pastebin entry! Let's find the response.
Packet 6197 holds the key, inside is our flag. `irisctf{i_sp3nd_m0st_of_my_t1me_0n_th3_1nt3rnet_w4tch1ng_c4t_v1d30s}`.
**Files:** [skats-sd-card.tar.gz](https://web.archive.org/web/20240107230452/https://cdn.2024.irisc.tf/skats-sd-card.tar.gz) [skats-network-history.tar.gz](https://web.archive.org/web/20240107231621/https://cdn.2024.irisc.tf/skats-network-history.tar.gz)
