diff --git a/forensics/torrent_analyze/solve.sh b/forensics/torrent_analyze/solve.sh
new file mode 100755
index 0000000..2033c89
--- /dev/null
+++ b/forensics/torrent_analyze/solve.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p tshark jq
+
+# NOTE: torrent.pcap is big, has been omitted
+
+tshark -r torrent.pcap -Y 'bt-dht' -Y 'frame contains "info_hash"' -T fields -e bt-dht.bencoded.string | grep --only-match -E 'info_hash,[a-z0-9]+' | sed 's/info_hash,//' | sort -u
+
+echo
+echo "e2467cbf021192c241367b892230dc1e05c0580e -> picoCTF{ubuntu-19.10-desktop-amd64.iso}"
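Review bot: The two `-Y` options on the tshark line do not combine into one filter; tshark takes a single display filter, so depending on the version either only the last one is applied or the invocation is rejected (worth confirming against the tshark that nix-shell provides). Writing it as `-Y 'bt-dht && frame contains "info_hash"'` makes the intended restriction to DHT traffic explicit. The script also runs without `set -euo pipefail`, so when torrent.pcap is absent (the comment says it is omitted) the pipeline prints nothing and the final `echo` still reports the hash-to-flag mapping as if it had been derived; adding `set -euo pipefail` after the shebang lines would make that failure visible. Since a BitTorrent info_hash is a 40-character hex SHA-1, `grep -oE 'info_hash,[0-9a-f]{40}'` would be a tighter match than `[a-z0-9]+`, and a one-line comment stating how the hash was resolved to the ISO name would make the result reproducible for a reader.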