diff --git a/forensics/ph4nt0m_1ntrud3r/myNetworkTraffic.pcap b/forensics/ph4nt0m_1ntrud3r/myNetworkTraffic.pcap
new file mode 100644
index 0000000..9ac51d3
Binary files /dev/null and b/forensics/ph4nt0m_1ntrud3r/myNetworkTraffic.pcap differ
diff --git a/forensics/ph4nt0m_1ntrud3r/solve.py b/forensics/ph4nt0m_1ntrud3r/solve.py
new file mode 100755
index 0000000..278d05c
--- /dev/null
+++ b/forensics/ph4nt0m_1ntrud3r/solve.py
@@ -0,0 +1,20 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i python3 -p "python3.withPackages (ppkgs: with ppkgs; [ scapy ])"
+
+from scapy.all import *
+from pathlib import Path
+from base64 import b64decode
+
+def main():
+ cap = rdpcap(str(Path(__file__).parent / 'myNetworkTraffic.pcap'))
+
+ sorted_packets = sorted(cap, key = lambda p: p.time)
+ packet_data = [packet.load.decode() for packet in sorted_packets]
+ decoded_data = [b64decode(chunk) for chunk in packet_data]
+ concat_data = b''.join(decoded_data)
+ flag = concat_data[concat_data.find(b'picoCTF'):].decode()
+ print(flag)
+
+
+if __name__ == '__main__':
+ main()
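Review bot: The `packet.load.decode()` comprehension in main() assumes every packet in the capture carries a Raw payload; any packet without one (a bare TCP segment, ARP, ICMP) raises AttributeError and the script exits before printing anything. Filtering on the layer, `packet_data = [p.load.decode() for p in sorted_packets if p.haslayer(Raw)]`, gives the same result for a payload-only capture and makes the script survive a pcap that also contains control traffic. On the `flag = ...` line, `concat_data.find(b'picoCTF')` returns -1 when the marker is absent, and the slice `[-1:]` then prints the last byte of the reassembled buffer instead of reporting failure; binding the index first and checking `if idx < 0: raise SystemExit('marker not found')` makes that case explicit. Finally, `from scapy.all import *` hides where `rdpcap` (and `Raw`, if added) come from; `from scapy.all import rdpcap, Raw` reads better and avoids pulling scapy's large namespace into the module.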