From ae8bd808bb370c6e942a2624bb5ef3d17a62c08b Mon Sep 17 00:00:00 2001 From: h7x4 Date: Thu, 2 Jul 2026 02:58:50 +0900 Subject: [PATCH] forensics/torrent_analyze --- forensics/torrent_analyze/solve.sh | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100755 forensics/torrent_analyze/solve.sh diff --git a/forensics/torrent_analyze/solve.sh b/forensics/torrent_analyze/solve.sh new file mode 100755 index 0000000..2033c89 --- /dev/null +++ b/forensics/torrent_analyze/solve.sh @@ -0,0 +1,9 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i bash -p tshark jq + +# NOTE: torrent.pcap is big, has been omitted + +tshark -r torrent.pcap -Y 'bt-dht' -Y 'frame contains "info_hash"' -T fields -e bt-dht.bencoded.string | grep --only-match -E 'info_hash,[a-z0-9]+' | sed 's/info_hash,//' | sort -u + +echo +echo "e2467cbf021192c241367b892230dc1e05c0580e -> picoCTF{ubuntu-19.10-desktop-amd64.iso}"