Description: Find flag in this file
After extracting the compressed file, we found a .pcap file. Analyzing it with Wireshark, we found lots of ICMP packets in it. After checking those packets with eyes wide open, we found some interesting stuff: one of the ICMP packets contains the following data:
At first I just thought that this might be part of an md5-encrypted string. But then I found that other packets contain similar data, too. I found that there's data like 7069636b206d653a203965...etc. Notice that there's a slight difference between those strings: their last 4 characters are different.
So I took a good look at those strings, and found that they were actually a string represented as hex values. If we convert those hex values into characters, 7069636b206d653a20 will be "pick me: ". So the string 7069636b206d653a204153 will be "pick me: AS". This discovery got my attention, so I kept searching for data that contains 7069636b206d653a20, and found that not only ICMP but also the IPv4 protocol contains this data. So I decided to use grep to get that data out of the file, and here's the result:
After filtering out the duplicates, the final result looks like this:
We can see that there are 19 lines of data in total. Each line contains 2 characters of the flag, which means there are 38 characters in total. The flag's format is ASIS_md5(xxx), which is a 37-character string, so we can expect that if we combine the last 2 characters of each line, we'll know what the flag is. To do this, just write a Python script and let the program do the rest.
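A sketch of such a script, added here as an example and not the author's original: it scans raw capture bytes for the hex-encoded "pick me: " marker, decodes the 4 hex characters that follow, collapses repeated copies and joins the pieces. The function names and the sample capture are constructed for illustration (the sample secret is not the challenge flag), and it assumes duplicate payloads sit back-to-back in the file.

```python
import re

# "pick me: " as ASCII hex, exactly as it appears in the packet payloads.
MARKER = b"pick me: ".hex().encode()  # b"7069636b206d653a20"
# The marker followed by 4 hex characters, i.e. 2 characters of the flag.
FRAGMENT = re.compile(re.escape(MARKER) + rb"([0-9a-fA-F]{4})")


def extract_fragments(capture: bytes) -> list[str]:
    """Return every decoded 2-character fragment, in file order."""
    return [bytes.fromhex(m.group(1).decode()).decode("latin-1")
            for m in FRAGMENT.finditer(capture)]


def rebuild(fragments: list[str]) -> str:
    """Collapse back-to-back duplicates and join the remaining pieces.

    Assumption: copies of one fragment are adjacent. A flag with two
    identical neighbouring pairs would lose one and come out short, so
    compare the result length with the expected flag length.
    """
    kept: list[str] = []
    for frag in fragments:
        if not kept or kept[-1] != frag:
            kept.append(frag)
    return "".join(kept)


def build_sample(secret: str) -> bytes:
    """Constructed stand-in for the .pcap: each fragment appears twice,
    surrounded by non-hex filler bytes."""
    blob = bytearray()
    for i in range(0, len(secret), 2):
        payload = MARKER + secret[i:i + 2].encode().hex().encode()
        for _ in range(2):
            blob += b"\x08\x00\x00\x00" + payload + b"\x00\x00\x00"
    return bytes(blob)


# Constructed secret in the ASIS_md5(xxx) shape, padded with a newline
# to 38 characters so that it splits into 19 two-character fragments.
SAMPLE_SECRET = "ASIS_0f1e2d3c4b5a69788796a5b4c3d2e1f0\n"
SAMPLE_CAPTURE = build_sample(SAMPLE_SECRET)

if __name__ == "__main__":
    print(rebuild(extract_fragments(SAMPLE_CAPTURE)).strip())
```

To run it against a real capture, pass the bytes of the file (`open(path, "rb").read()`) to `extract_fragments` in place of `SAMPLE_CAPTURE`.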
Boom! CTF ;)