HITB GSEC CTF 2017 – Cephalopod

Open the downloaded file in Wireshark.

Screenshot (248)

Okay lets see…….The Ceph protocol seems interesting (as there is some conversation in that protocol) .Let’s apply ceph filter.

screenshot-249.png

Hmm…..Now scroll down a bit, on number 308 (that’s a huge one) . Let’s examine it.

After a few minutes of examining the packet I came across operation payload which seems interesting.

Screenshot (250)

It looks like this is a png file. See the file signature (89 50 4e….) Its definitely an image.

Let’s export the image. Right click on operation payload and click Export Packet Bytes

Screenshot (252)

Now save it as .png Screenshot (251)

This is the image you will get

image

Looks like this is the flag .

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s