Gonna leave this here because I think the challenge is not really clear.
There is something in the capture that will stand out. Once you find it, stop and try to decode it using a variation of a well known encoding.
ah ah the hint of the challenge is not really clear, i think too
Since I am getting quite some PMs regarding this challenge, you can solve it in less than 2 minutes by using some very basic tools or cmd pipe combinations, and taking a quick skim through output – you don’t even need Wireshark.
Finally found the flag (my first challenge "owned’), thanks to the hints here. I spent too much time in wireshark analyzing and not enough trying to actually find the flag. It feels silly now how easy it was.
Side note: Is this challenge worth 30 pts or 3 pts? My profile only says +3, which is disappointing b/c I was psyched to finally be a script kiddie lol.
Yea im lost with this. The tips that just say you don’t need to open it with wireshark and just look in the file, aren’t helpful lol. I can see the whole process of the “criminal” logging into the site as admin and extracting everything but I can’t see which user it is. I have no idea what I am supposed to be decoding here.
Yea im lost with this. The tips that just say you don’t need to open it with wireshark and just look in the file, aren’t helpful lol. I can see the whole process of the “criminal” logging into the site as admin and extracting everything but I can’t see which user it is. I have no idea what I am supposed to be decoding here.
Guys, i’ve been working this for over a day now and I can’t find what everyone is getting. Its driving me insane. I have viewed the pcap, ive seen the “hackers” actions, but I cannot find the ■■■■ name of the customer involved. Can someone please pm me and tell me where to look for the string to decode? I have looked up and down the file and can’t find this flag.
Guys, i’ve been working this for over a day now and I can’t find what everyone is getting. Its driving me insane. I have viewed the pcap, ive seen the “hackers” actions, but I cannot find the ■■■■ name of the customer involved. Can someone please pm me and tell me where to look for the string to decode? I have looked up and down the file and can’t find this flag.