This is the writeup for the Digital Forensics challenge Reprisal from the HAC-SEC CTF2021.

| Details | |
|---|---|
| Points | 300 |
| Category | Digital Forensics |

Okay, first I downloaded the file and it was a pcap file, so I opened it and went through the TCP streams till I found that stream 4 included a zip file header and a file name called “da_op_files.zip”. So I extracted this file using NetworkMiner.

I tried to extract it but it had a password, so I tried to use john on it but got nothing, so I went back to the TCP streams again and I found the password in the 5th stream and it was “4lls4f3s3cur1ty”.

So I extracted the data and I got 1 PDF and 1 pcap file, so I checked the pcap file but there was nothing interesting in it, so I looked for any tool to crack a PDF password and I found that there is pdf2john.pl. So I tried it and I got the password, “ihatehackers”.

So it looks like base64.

So, I can see that it's a PNG from the header and footer.

So, after I used it, wow, it's corrupted!!!
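
An added example, not part of the original writeup: the writeup does not say what was damaged in the PNG, so this sketch checks the general structure instead. It decodes the base64 text, verifies the 8-byte signature, walks the chunks, recomputes each CRC and confirms that IHDR comes first and IEND last. The function names and the 1x1 sample image are constructed for illustration.

```python
import base64
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def inspect_png(b64_text):
    """Decode base64 text and list structural problems in the PNG it contains."""
    data = base64.b64decode("".join(b64_text.split()))
    problems = []
    if data[:8] != PNG_SIG:
        problems.append("bad signature: " + data[:8].hex())
    pos, names = 8, []
    while pos + 12 <= len(data):  # smallest possible chunk is 12 bytes
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length
        if end + 4 > len(data):
            problems.append(f"chunk at offset {pos} runs past end of file")
            break
        stored = struct.unpack(">I", data[end:end + 4])[0]
        actual = zlib.crc32(data[pos + 4:end])  # CRC covers type + data
        name = ctype.decode("latin-1")
        if stored != actual:
            problems.append(f"{name} at offset {pos}: CRC {stored:08x}, expected {actual:08x}")
        names.append(name)
        pos = end + 4
    if names[:1] != ["IHDR"]:
        problems.append("first chunk is not IHDR")
    if names[-1:] != ["IEND"]:
        problems.append("last chunk is not IEND")
    return names, problems

def _chunk(ctype, body):
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def build_sample_png():
    """Constructed 1x1 grayscale PNG used as sample input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")

if __name__ == "__main__":
    good = build_sample_png()
    bad = bytearray(good)
    bad[1:4] = b"XXX"      # constructed damage: overwrite the magic bytes
    bad[16] ^= 0xFF        # constructed damage: flip a byte in the IHDR width
    for label, blob in (("intact", good), ("damaged", bytes(bad))):
        print(label, inspect_png(base64.b64encode(blob).decode()))
```
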

So I started to fix it and boom, the flag: