CTF page: https://ctftime.org/event/753

Team: NoPwnNoGain

Zippy

Description

Can you read the flag from the PCAP?

We are provided with zippy.pcapng file.

Opening the file in wireshark and checking the stream, I see a zip file is being sent and the password of the zip as well.

I then sorted the packets with length to identify the largest as I assumed that will be our file. To get the file, select the packet then File → Export packet bytes → Save it as flag.zip

unzip -P supercomplexpassword flag.zip

Flag: CTF{this_flag_is_your_flag}

Table-tennis

Description

The flag is in the Pcap, can you find it?

We are given out.pcapng file. Inspecting the file in wireshark most of the traffic is encrypted TLS so nothing could be read. I then sorted the packets and found some ICMP packets that I had ignored had some data in them.

Instead of using wireshark to inspect each of them and get the information, I thought of using scapy to make it easier.

Here’s what the script recovered.

Decoding the string inside the <script> tags and removing the spaces I got the flag.

Blink

Description

Get past the Jedi mind trick to find the flag you are looking for.

We are provided with a blind.apk file. First used apktool to decompile it.

apktool d blink.apk

Going into the smali folder created by apktool

blink/smali/com/example/blink

There’s a r2d2.smali file. Inside there’s a string of base64 encoded image.

Decoded the image and got the flag.

Kookie

All you had to do was change cookie to admin.

Flag:

Twitter: ikuamike

Github: ikuamike