Kevin sent me a file with some hidden message. Help me recover this secret from this bizarre network.
Given: bizz.pcap
In the given file, there are 1093 packets captured.
Some of those have strange contents. (see the picture)
They look like hex values of ASCII letters!
I found three packets (no. 16, 449, 961) whose content looks like hex values.
As you can see, it starts with 50 4B 03 04 ...
and that is the file signature of a ZIP file!
So I extracted the hex values from the three packets, concatenated them, and made a file named bizz.zip (with this Python script):
    # 'text' is concatenated hex stream
    a = text.decode('hex').decode('hex')
    f = open('bizz.zip', 'w')
    f.write(a)
    f.close()
But the file had an error, so I couldn't unzip it.
The error was caused by Python's file writing system.
The system automatically put '\x0d' just before every '\x0a'!! (Sadly, I found this out after the CTF was finished.)
After removing every '\x0d' before a '\x0a', I succeeded in getting a clean zip file.
In the zip file, I got flag.png!
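The failure above is what text-mode writing does on Windows, where Python translates each `\n` to `\r\n`; opening the output with `'wb'` avoids it. The following Python 3 sketch is an added example, not the script used during the CTF: it decodes a double-hex stream split over three payloads, models the corruption, and reverses it. The sample archive and all function names are constructed for illustration.

```python
import binascii
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"   # 50 4B 03 04, the signature seen in the capture

def decode_fragments(fragments):
    """Join payloads in packet order and undo both hex layers."""
    stream = b"".join(fragments)
    return binascii.unhexlify(binascii.unhexlify(stream))

def crlf_translate(data):
    """Model what a text-mode write with CRLF translation does to the bytes."""
    return data.replace(b"\n", b"\r\n")

def strip_inserted_cr(data):
    """Undo crlf_translate: drop the 0d that was inserted before every 0a."""
    return data.replace(b"\r\n", b"\n")

def is_valid_zip(data):
    """True only if the archive parses and every member passes its CRC."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.testzip() is None
    except Exception:
        return False

def build_sample():
    """Constructed stand-in for the challenge: a zip split over three payloads."""
    # A real PNG signature contains 0d 0a and 0a, so it exercises both cases.
    png_like = b"\x89PNG\r\n\x1a\n" + b"constructed, not a real image\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(zipfile.ZipInfo("flag.png", (2018, 10, 10, 0, 0, 0)), png_like)
    original = buf.getvalue()
    hexed = binascii.hexlify(binascii.hexlify(original))
    third = len(hexed) // 3
    return original, [hexed[:third], hexed[third:2 * third], hexed[2 * third:]]

if __name__ == "__main__":
    original, fragments = build_sample()
    recovered = decode_fragments(fragments)
    damaged = crlf_translate(recovered)
    print("signature ok:", recovered.startswith(ZIP_MAGIC))
    print("damaged zip valid:", is_valid_zip(damaged))
    print("repaired zip valid:", is_valid_zip(strip_inserted_cr(damaged)))
    with open("bizz.zip", "wb") as f:      # "wb": bytes reach disk untouched
        f.write(recovered)
```

`strip_inserted_cr` is an exact inverse only when the whole file went through the newline translation, which is the situation described above.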
Seriously, why did Python tack on 0d all by itself? If it weren't for that, I would have easily scored the 1000 pt... TT Well, this will all turn out to be good experience too!