Forensics: MarketDump

@Kiewicz said:

Pretty easy I guess, once you understand what type of decoder to use.

Great tip.

@TsukiCTF said:

Hint: You don’t need Wireshark at all for this challenge. Just look for some long strings in the file which stand out, and decode them.

Yeah, that helped me to complete it, thx, but… Why is that the flag? Why do we know that was the goal of the criminal?

Yea, I’m lost with this. The tips that just say you don’t need to open it with Wireshark and just look in the file aren’t helpful lol. I can see the whole process of the “criminal” logging into the site as admin and extracting everything but I can’t see which user it is. I have no idea what I am supposed to be decoding here.

Any tips?

@TurinGiants said:

Yea, I’m lost with this. The tips that just say you don’t need to open it with Wireshark and just look in the file aren’t helpful lol. I can see the whole process of the “criminal” logging into the site as admin and extracting everything but I can’t see which user it is. I have no idea what I am supposed to be decoding here.

Any tips?

Try to filter by bytes sent/received

Guys, I’ve been working this for over a day now and I can’t find what everyone is getting. It’s driving me insane. I have viewed the pcap, I’ve seen the “hackers” actions, but I cannot find the ■■■■ name of the customer involved. Can someone please PM me and tell me where to look for the string to decode? I have looked up and down the file and can’t find this flag.

I would really appreciate it!

@TurinGiants said:

Guys, I’ve been working this for over a day now and I can’t find what everyone is getting. It’s driving me insane. I have viewed the pcap, I’ve seen the “hackers” actions, but I cannot find the ■■■■ name of the customer involved. Can someone please PM me and tell me where to look for the string to decode? I have looked up and down the file and can’t find this flag.

I would really appreciate it!

I like numbers.

@cyberus said:

@TurinGiants said:

Guys, I’ve been working this for over a day now and I can’t find what everyone is getting. It’s driving me insane. I have viewed the pcap, I’ve seen the “hackers” actions, but I cannot find the ■■■■ name of the customer involved. Can someone please PM me and tell me where to look for the string to decode? I have looked up and down the file and can’t find this flag.

I would really appreciate it!

I like numbers.

As do I. I see a lot of them. Especially after American, but am I looking directly at it?

I can stare at numbers all day long…until enlightenment.

I’m a fucking idiot. I just got it…

Really cool challenge, I share a nice online tool for forensics => https://packettotal.com
Do not hesitate to use CyberChef also 🙂

This challenge, if addressed from the forensics point of view, takes a lot of time, but if you examine each piece of evidence, it can be very rewarding. You can learn about the attack and get interesting conclusions from the big picture.

If you see it from a CTF point of view, all the hints are given. Go for the long strings and use @avetamine CyberChef to check all the encodings very quickly.
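The "long strings, then check the encodings" triage that the hints in this thread describe, as an added example that is not part of any post here: it pulls long runs of encoding-alphabet characters out of raw file bytes and keeps only the decodings that come out as readable text. The sample bytes, the token values, the 20-character threshold and the choice of decoders are constructed assumptions, not data from the challenge.

```python
import base64
import binascii
import re

# Constructed sample standing in for the raw bytes of a capture file.
# None of these values come from the challenge.
TOKEN_B64 = base64.b64encode(b"constructed sample one").decode()
TOKEN_HEX = binascii.hexlify(b"constructed sample two").decode()
SAMPLE = (
    "GET /index.html HTTP/1.1\r\nHost: shop.example\r\n\r\n"
    "id,name,card\r\n1,Alice,4111111111111111\r\n"
    f"2,{TOKEN_B64},0\r\n3,{TOKEN_HEX},0\r\n"
).encode()

# Decoders to try (an assumed, standard-library-only selection).
DECODERS = {
    "hex": binascii.unhexlify,
    "base32": base64.b32decode,
    "base64": lambda s: base64.b64decode(s, validate=True),
}

def long_tokens(data, min_len=20):
    """Return unique runs of encoding-alphabet characters at least min_len long."""
    seen = []
    for match in re.findall(rb"[A-Za-z0-9+/=]{%d,}" % min_len, data):
        token = match.decode("ascii")
        if token not in seen:
            seen.append(token)
    return seen

def try_decoders(token):
    """Map decoder name -> text for every decoder that yields printable ASCII."""
    results = {}
    for name, decode in DECODERS.items():
        try:
            raw = decode(token)
        except (binascii.Error, ValueError):
            continue  # token is not valid input for this decoder
        # A hex string is also valid base64, so require readable output.
        if raw and all(0x20 <= b <= 0x7E for b in raw):
            results[name] = raw.decode("ascii")
    return results

def triage(data):
    """List (token, decodings) for long tokens that decode to readable text."""
    hits = [(t, try_decoders(t)) for t in long_tokens(data)]
    return [(t, d) for t, d in hits if d]

if __name__ == "__main__":
    for token, decodings in triage(SAMPLE):
        print(token, "->", decodings)
```
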

Just solved this as well, quite an interesting challenge. Note that there are two of the same string, but there’s plenty of numbers 😉

Hit me up if you need assistance!

Just got it after about an hour 🙂 Lots of fun. Notepad++ was a great help.

I did it in a few minutes after a while of consulting. Lots of fun with a lot of text.
If you wanna help - just PM me 🙂

■■■ 🙁 still, with the hints from this topic, I can’t solve it yet…

Thank you @Peyphour and @Anvillian

Hello friend,
who could help me??
Thank you

Tip: Analyze the evidence calmly, do not let the boredom take care of you!

yuk - anyone? I have the data but I can’t find the correct tool/algorithm for the last step. (and I’m totally bored 😉)

got it … had the right content but somehow … no worries, it’s easy. CyberChef, again, is a good choice.