We are given some clues and a pcap file:
“Some dude I know is planning a party at some bar in New York! I really want to go but he’s really strict about who gets let in to the party. I managed to find this packet capture of when the dude registered the party but I don’t know what else to do. Do you think there’s any way you can find out the secret password to get into the party for me? By the way, my favorite hockey player ever is mario lemieux.”
Original link to pcap:
https://csawctf.poly.edu/challenges/45b963397aa40d4a0063e0d85e4fe7a1/23dce85a4e96a87028cc9a3e662663ce/lemieux.pcap
Mirror to pcap:
http://repo.shell-storm.org/CTF/CSAW-2012/Networking/200/lemieux.pcap
Immediately, Wireshark came to my rescue. The pcap file is huge, though (64MB), so the traffic needs narrowing down.
The clue says "...registered the party...", so my instinct told me that an HTTP POST request was most probably used to register the party.
So I tried filtering the traffic with http.request.method==POST and got back the following results.
The POST to /parties-events/ seems to be what I'm looking for.
If I do a "Follow TCP Stream" on it, I see something like the following image.
Well, judging from the entire text string, it seems the key to this particular challenge is "brooklyn beat box". That's it. :P
Cheers,
Jacob Soo

