This is the Digital Forensics challenge Reprisal writeup for the HAC-SEC CTF2021

Details  
Points 300
Category Digital Forensics

 

Okay, first I downloaded the file and it was a pcap file, so I opened it and went through the TCP streams until I found that stream 4 included a ZIP file header and a file name, “da_op_files.zip”.

So I extracted this file using NetworkMiner.

I tried to extract it but it had a password, so I tried to use john on it but got nothing, so I went back to the TCP streams again and found the password in the 5th stream; it was “4lls4f3s3cur1ty”.

So I extracted the data and got 1 PDF and 1 pcap file. I checked the pcap file but there was nothing interesting in it, so I looked for a tool to crack the PDF password.

So I found that there is pdf2john.pl.

So I tried it and got the password “ihatehackers”.

So it looks like base64.

So, I can see that it’s a PNG from the header and footer.

So, after I used it, wow, it’s corrupted!!!
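One way to find where a PNG recovered from base64 is damaged, as an added example that is not part of the original writeup: it checks the signature, walks the chunks, and verifies each CRC. The writeup does not say which bytes were corrupted, so the sample PNG and its damage below are constructed, and the function names are hypothetical.

```python
import base64, struct, zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def chunk(ctype, data):
    """Build one PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data)
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def diagnose_png(b64_text):
    """Decode base64 text and return a list of structural problems found."""
    raw = base64.b64decode(b64_text)
    problems = []
    if raw[:8] != PNG_SIG:
        problems.append("bad signature: " + raw[:8].hex())
    pos, seen = 8, []
    while pos + 12 <= len(raw):
        (length,) = struct.unpack(">I", raw[pos:pos + 4])
        ctype = raw[pos + 4:pos + 8]
        end = pos + 12 + length
        if end > len(raw):
            problems.append(f"{ctype!r} at {pos}: length {length} runs past end of file")
            break
        data = raw[pos + 8:pos + 8 + length]
        (stored,) = struct.unpack(">I", raw[end - 4:end])
        if stored != zlib.crc32(ctype + data):
            problems.append(f"{ctype!r} at {pos}: CRC mismatch")
        seen.append(ctype)
        pos = end
    if not seen or seen[0] != b"IHDR":
        problems.append("first chunk is not IHDR")
    if not seen or seen[-1] != b"IEND":
        problems.append("no IEND chunk at end")
    return problems

# Constructed sample: a valid 1x1 grayscale PNG, then a copy with damaged bytes.
ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
idat = zlib.compress(b"\x00\x00")
good = PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")
bad = bytearray(good)
bad[1:4] = b"XXX"                    # damaged magic bytes
bad[16:20] = struct.pack(">I", 0)    # width zeroed without updating the CRC
GOOD_B64 = base64.b64encode(good).decode()
BAD_B64 = base64.b64encode(bytes(bad)).decode()

if __name__ == "__main__":
    for line in diagnose_png(BAD_B64):
        print(line)
```

Each reported offset is a byte position in the decoded file, so it can be looked up directly in a hex editor.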

So I started to fix it and boom, the flag: