[Forensics] Marshal in the Middle

I think u should edit your spoiler.
and yes.

For some reason it seems I can not edit my post… Thanks for confirming the direction I took though :slight_smile:

@dotan3 said:
I started working on this challenge but feel really dumb. Here is what I found so far:

*** PROBABLE SPOILER ***

Spoiler Removed - Arrexel
You are in the right direction. Think of what you are looking for, how it will look like and what makes it important, you’ll catch it. keep going.

Spoiler Removed - Arrexel

NM. I got it. Thanks. I guess I was just looking a little too hard. :-/

That’s where I’m stuck. I can see the actual exfiltration occur, but not seeing the flag…

Me too. Can someone PM?

animal1111, PM’d you. d3c3pt10n. just like when you’re lost in the woods: find a stream and follow it.

the flag is in plain sight but you do have to dig into the data. As I mentioned to anima1111 - this was my first puz so I had no idea what to look for. It really is obvious when you see it.

Happy Hunting

Thanks for the hint grauwulf. Unfortunately, I have followed the stream and saw what took place, but I have been unsuccessful in the flag input part.

@anima1111 said:
Thanks for the hint grauwulf. Unfortunately, I have followed the stream and saw what took place, but I have been unsuccessful in the flag input part.

Perhaps you are using the wrong ‘spectacles’ to look at the encrypted data.

Need some nudge all above already tried …

you already got what you need @imrnrza
there’s a big spoiler on above comment (which is quoted by @briyani)
while there’s a google on how you can solve this challenge.

The impact of the work done by Diffie-Hellman is absolutely Not Ephemeral :wink:

I’m struggling with this one too. Pretty sure I found the exfiltrated data but not able to locate the flag. Can someone help me out? PM to avoid spoilers.

Will this challenge end in a standard flag? I believe I know what is ex filled wondering if we need to crack any of the data. Trying not to give away any spoilers. I have a stream the stream shows some commands gathering some sensitive data and sending it off. i dont have a forensics background, just taking a shot from the knowledge i have and some classes I have taken.

@genxweb you have a lead, just follow it. You have everything you need already.

I think I also solved it. I could decrypt the messages from the attacker and read the sensible data, but I cannot find the correct flag. Can someone help me to find the exact flag.

@genxweb said:
Will this challenge end in a standard flag? I believe I know what is ex filled wondering if we need to crack any of the data. Trying not to give away any spoilers. I have a stream the stream shows some commands gathering some sensitive data and sending it off. i dont have a forensics background, just taking a shot from the knowledge i have and some classes I have taken.

I’ve got the trail of our guy but it looks like I can get the first and the second part of something but not the third part and I’m sure that the third part has the juice.

Yeah Iam stuck there on the in the middle part. found the sensitive data and where it came from then looked there and think i have the packet but for some reason that packet does not seem to decode.

By any chance is the legible? like in the format of HTB{Blah}? I found where it looks to be posting the contents of a well known file from /etc/* and the break down of the cert. Any particular area that should be looked at more?