daffainfo
/
ctf-writeup
mirror of https://github.com/daffainfo/ctf-writeup.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ctf-writeup/RITSEC CTF 2023/Web of Lies
History
Muhammad Daffa 849b5cfd03 feat: added RITSEC CTF 2023 2023-04-02 23:09:27 +07:00
..
images feat: added RITSEC CTF 2023 2023-04-02 23:09:27 +07:00
README.md feat: added RITSEC CTF 2023 2023-04-02 23:09:27 +07:00
weboflies.pcapng feat: added RITSEC CTF 2023 2023-04-02 23:09:27 +07:00

README.md

Web of Lies

We found more weird traffic. We're concerned he's connected to a web of underground criminals.

About the Challenge

We have been given a pcapng file (You can download the file here). And here is the preview

preview

There are a lot of requests to /flag and /fl4g endpoints

How to Solve?

As there were only requests to the /flag and /fl4g endpoints, I decided to represent them in binary code. Therefore, /flag is equivalent to 0 and /fl4g is equivalent to 1.

tshark -r weboflies.pcapng -Y http | grep -oP "/fl.* HTTP" | sed 's/\/flag.*/0/g' | sed 's/\/fl4g.*/1/g' | tr -d '\n'

To easier myself, im using tshark command to print all the HTTP packet, and then change them to binary code using sed command

tshark

Use binary code translator to obtain the flag

flag

RS{Refr3shTh3P4g3}