MQCyberSec

MQCyberSec Logo

MQCyberSec
Back to Writeups

Are you sure that's all?

by sealldev & finnersio
🚩 CTFs SecEdu CTF 2024 forensics
Suggested: #network-forensics
Are you sure that's all? / SecEdu CTF 2024
Are you sure that's all?

Description

We've captured a section of network traffic from ORG-A. Can you make sure that no sensitive data is being transmitted in plaintext? We can find some interesting details on the transmitted data by following the TCP stream. What kind of file does this reveal?

Original Writeup on seall.dev

Opening up the PCAP file there are only a couple packets, and they are all part of the one stream. Right-clicking on any of the packets we can follow the TCP stream.

Immediately we see some data at the top the stream showing a PDF file was sent:

notquiteall

We can extract the data by clicking Show data as: Raw and Save as, saving the data as a PDF file.

Opening up the PDF, the flag is in the top left.

notquiteallpdf

Flag: SECEDU{s0m3_empl0y33_b3n3fit5}

Related Writeups

Information

Files can always be changed in a secret way. Can you find the flag? Hint: Look at the details of the file Hint: Make su ...

#easy

Mob psycho

Can you handle APKs?

#medium

Secret of the Polyglot

The Network Operations Center (NOC) of your local institution picked up a suspicious file, they're getting conflicting i ...

#easy

Share this writeup

Contribute

Found an issue or want to improve this writeup?

Edit on GitHub