Forensics – WebNet0

WebNet0 - 350pt

Challenge

We found this packet capture and key. Recover the flag.

Hints

Try using a tool like Wireshark.
How can you decrypt the TLS stream?

Solution

Open the pcap file with Wireshark. It contains TLS traffic between a server and a client, so the traffic is encrypted following a Secure Sockets Layer handshake. Since we have the key file, we can load it under Edit > Preferences > Protocols > SSL > insert key file.
The application data packets that were encrypted are then rendered as HTTP data. Packet 32 contains the field Pico-Flag, which holds the flag.

picoCTF{nongshim.shrimp.crackers}
