Forensics – WebNet1

WebNet1 - 450pt

Challenge

We found this packet capture and key. Recover the flag.

Hints

Try using a tool like Wireshark.
How can you decrypt the TLS stream?

Solution

Same process as WebNet0. Open the pcap file with Wireshark. This time a jpeg image is requested via HTTP (vulture.jpg). If you go in packet 91 and look at the reassembled ssl bytes you will find the flag hidden inside.

picoCTF{honey.roasted.peanuts}

Lascia un commento

Il tuo indirizzo email non sarà pubblicato. I campi obbligatori sono contrassegnati *