Introduction

This year again, I was happy to be part of the organization committee for the GreHack conference and I created some challenges for the CTF. Organization was tricky this year, given that we had grown and sold almost 3x as many tickets as in previous years. Thanks to all the participants, organizers and sponsors, the event was once again completely insane 🔥 💚

Challenge

  • Name : People Can't Avoid PCAP
  • Category : Network / Intro
  • Difficulty : Very Easy
  • Solves : 38
  • Points : 50
  • Author : Nishacid

Do you really think you can escape the eternal analysis of PCAP in CTF? You’re a fool if you think so, but don’t worry, it’s not wacky I promise!

Solve

As the challenge suggests, we need to analyze a PCAP. The first thing we’re going to do is look at the different protocols in this capture in a hierarchical way.

A quick analysis of the HTTP protocol is inconclusive: the traffic consists only of simple requests to the grehack.fr site. Let’s move on to the DNS protocol. In the last packets, we observe several TXT requests to grehack.fr and ctf.grehack.fr.

If we follow the traffic, we can see that the response from ctf.grehack.fr contains the flag.

  • Flag : GH{DnS_1s_4_G00d_inTr0Tr0Tr0}
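The same TXT extraction can be done without a GUI. The following is an added example, not part of the original write-up or the challenge files: a standard-library parser that pulls TXT strings out of a DNS response payload, including name compression. The function names are hypothetical, and the sample message and its TXT value are constructed rather than taken from the capture.

```python
import struct

def read_name(msg, off):
    """Decode the DNS name at off, following compression pointers. Returns (name, next_off)."""
    labels, resume, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer (RFC 1035, 4.1.4)
            resume = off + 2 if resume is None else resume
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                         # crafted packets can loop pointers
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if n == 0:
            return ".".join(labels), (off if resume is None else resume)
        labels.append(msg[off:off + n].decode("ascii", "replace"))
        off += n

def txt_answers(msg):
    """Return [(owner, text)] for each TXT record in the answer section of a DNS response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:                        # QR bit clear: this is a query
        return []
    off, out = 12, []
    for _ in range(qd):                           # skip the question section
        off = read_name(msg, off)[1] + 4          # name, then QTYPE + QCLASS
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == 16:                           # TXT: length-prefixed character-strings
            i, parts = 0, []
            while i < len(rdata):
                parts.append(rdata[i + 1:i + 1 + rdata[i]])
                i += 1 + rdata[i]
            out.append((owner, b"".join(parts).decode("utf-8", "replace")))
    return out

def build_sample(flags=0x8180):
    """Constructed DNS message for ctf.grehack.fr TXT; not bytes from the challenge capture."""
    qname = b"".join(bytes([len(p)]) + p for p in b"ctf.grehack.fr".split(b".")) + b"\x00"
    txt = b"GH{constructed_sample_value}"
    head = struct.pack("!6H", 0x1234, flags, 1, 1, 0, 0) + qname + struct.pack("!HH", 16, 1)
    return head + b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 300, len(txt) + 1) + bytes([len(txt)]) + txt

if __name__ == "__main__":
    for owner, text in txt_answers(build_sample()):
        print(owner, "->", text)
```

`txt_answers` expects the DNS message itself (the UDP payload), so the Ethernet, IP and UDP headers must be stripped from each packet first.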

Resources