From 1e8d6b08d30d44fb9f807b93df95fdc96b48ed6a Mon Sep 17 00:00:00 2001
From: h7x4
Date: Thu, 2 Jul 2026 01:57:14 +0900
Subject: [PATCH] forensics/ph4nt0m_1ntrud3r
---
.../ph4nt0m_1ntrud3r/myNetworkTraffic.pcap | Bin 0 -> 1452 bytes
forensics/ph4nt0m_1ntrud3r/solve.py | 20 ++++++++++++++++++
2 files changed, 20 insertions(+)
create mode 100644 forensics/ph4nt0m_1ntrud3r/myNetworkTraffic.pcap
create mode 100755 forensics/ph4nt0m_1ntrud3r/solve.py
diff --git a/forensics/ph4nt0m_1ntrud3r/myNetworkTraffic.pcap b/forensics/ph4nt0m_1ntrud3r/myNetworkTraffic.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..9ac51d3f75ceeef32f2ff39b93b18868602decae
GIT binary patch
literal 1452
zcmca|c+)~A1{MYw`2U}Q;Ryo+gTMI6bcQ581``GbFm?q|j0_A8Y(Mf2tYBa|u!50^ zL4+XyrZ0d=fq^xefg!cZ%^<=!*&w;x))r(&br2te0RsaVyMic)8AZ6vn9sn#;Hh1e z=j@dZ)~^{xn*M8d7#Q>|1EYdUlEM0?#gL|di8up8shhS@Xh<y9^8#sl{Rb-X>uE>WQSq!CyxPhGh4gtRw@!(4cfk9N34F=7t}; z7#O_6T{Dcb0>N&$5lNbU-bV}!PVSCj&Z!n){p+Gh)4xEKfg#9I+q}Z99IT%`m9#LB zmStdw%*{yi^YBWGa)g9Ic`Rveka^9(;Oy&KVQd142jh6s^snM&UcKW@?A2E zO+z5*QGmoe8TXHYq0A^EJ;w)9ChSh*W6)t>0Ap7W1u4_YaFuD9(-|1j0wL+pK7lm1 R_ncs02oA|hO-+il1pwpL8Y=(*
literal 0
HcmV?d00001
diff --git a/forensics/ph4nt0m_1ntrud3r/solve.py b/forensics/ph4nt0m_1ntrud3r/solve.py
new file mode 100755
index 0000000..278d05c
--- /dev/null
+++ b/forensics/ph4nt0m_1ntrud3r/solve.py
@@ -0,0 +1,20 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i python3 -p "python3.withPackages (ppkgs: with ppkgs; [ scapy ])"
+
+from scapy.all import *
+from pathlib import Path
+from base64 import b64decode
+
+def main():
+ cap = rdpcap(str(Path(__file__).parent / 'myNetworkTraffic.pcap'))
+
+ sorted_packets = sorted(cap, key = lambda p: p.time)
+ packet_data = [packet.load.decode() for packet in sorted_packets]
+ decoded_data = [b64decode(chunk) for chunk in packet_data]
+ concat_data = b''.join(decoded_data)
+ flag = concat_data[concat_data.find(b'picoCTF'):].decode()
+ print(flag)
+
+
+if __name__ == '__main__':
+ main()
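Review bot: In `main()` of solve.py, `concat_data.find(b'picoCTF')` returns -1 when the marker is absent, so the slice becomes `concat_data[-1:]` and the script prints the last decoded byte instead of reporting that no flag was found. Check the index first, e.g. `idx = concat_data.find(b'picoCTF')` followed by `if idx < 0: raise SystemExit('picoCTF marker not found')`. The comprehension over `packet.load` also assumes every packet in the capture carries a raw payload; a packet without one would raise AttributeError, and adding `if packet.haslayer(Raw)` to the comprehension avoids that on other captures. The `.decode()` before `b64decode` is unnecessary because `b64decode` accepts bytes, and it adds a UnicodeDecodeError path for non-ASCII payloads.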