Rating:
# WhiteHat Challenge 03 : For001
**Category:** For
**Points:** 15
**Solves:**
**Description:**
> This piece of data is captured via USB port, look for the flag transferred through it.
>
> You can use Wireshark to read the file pcapng.
> Download file pcap here:
> http://material.wargame.whitehat.vn/challenges/3/For001_61fb3e6d8aa22c75362af02e798331bbf5b73a4b.zip
>
> Submit WhiteHat{sha1(flag)}
> Example: flag = Hello World
> sha1("Hello World") = 0a4d55a8d778e5022fab701977c5d840bbc486d0
> submit: WhiteHat{0a4d55a8d778e5022fab701977c5d840bbc486d0}
> (all hash characters in lowercase)
## Write-up
use Wireshark can export a zip fie, open it we get the flag.
## Other write-ups and resources
* [Kole and Associates](https://gospelofmark.ch/whitehat-challenge-03-for001-forensics.html)
