Trivial Flag Transfer Protocol
Figure out how they moved the flag.
1. Open the packet capture file in Wireshark. Go to File > Export Objects > TFTP.
2. If we preview the `instructions` document we find: `GSGCQBRFAGRAPELCGBHEGENSSVPFBJRZHFGQVFTHVFRBHESYNTGENAFSRE.SVTHERBHGNJNLGBUVQRGURSYNTNAQVJVYYPURPXONPXSBEGURCYNA.` Putting this into quipqiup decodes it to `t ftp doesnt encrypt our traffic so we must disguise our flag transfer figure out away to hide the flag and i will check back for the plan`. The encoding is simply ROT13, so quipqiup is overkill. You can use cryptii instead.
3. The `plan` document contains `VHFRQGURCEBTENZNAQUVQVGJVGU-QHRQVYVTRAPR.PURPXBHGGURCUBGBF`, which decodes to `i used the program and hid it with due diligence check out the photos`.
4. Save the `program.deb` file. Let's see if we can use it to decode the images. The program is `steghide` (this is easily seen if you extract it), so install it if you don't already have it installed with `sudo dpkg -i program.deb`.
5. The hint from the `plan` document suggests that `DUEDILIGENCE` (uppercase because the encoded text is uppercase) is the password.
6. We can use `steghide` on every image included in the packet capture file. The flag is hidden in the last image, `picture3.bmp`. So run `steghide extract -sf picture3.bmp -p DUEDILIGENCE` and `cat flag.txt` to get the flag.
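
The export in step 1 works because TFTP carries file names and contents in cleartext, and step 2 is plain ROT13. As an added example (not part of the original writeup), this Python code reassembles one transfer from raw TFTP payloads and ROT13-decodes it; the packets and the file name `instructions.txt` are constructed, and it assumes a single transfer with the default 512-byte block size.

```python
import codecs
import struct

RRQ, WRQ, DATA, ACK = 1, 2, 3, 4
BLOCK_SIZE = 512  # RFC 1350 default; a shorter DATA block ends the transfer

def reassemble_tftp(payloads):
    """Rebuild one transfer from its UDP payloads (any order).
    Returns (filename, mode, content, complete)."""
    filename = mode = None
    blocks = {}
    for p in payloads:
        if len(p) < 4:
            continue  # shorter than the smallest TFTP packet
        opcode, block_no = struct.unpack("!HH", p[:4])
        if opcode in (RRQ, WRQ):
            # Request layout: opcode | filename | NUL | mode | NUL
            fields = p[2:].split(b"\x00")
            if len(fields) >= 2:
                filename = fields[0].decode("ascii", "replace")
                mode = fields[1].decode("ascii", "replace").lower()
        elif opcode == DATA:
            blocks.setdefault(block_no, p[4:])  # keep first copy, drop retransmits
    content, complete, n = b"", False, 1
    while n in blocks and not complete:
        content += blocks[n]
        complete = len(blocks[n]) < BLOCK_SIZE
        n += 1
    return filename, mode, content, complete

def data_packet(block_no, chunk):
    return struct.pack("!HH", DATA, block_no) + chunk

# Constructed sample: a write request, then one DATA block carrying the
# ciphertext quoted in step 2 (sent twice, as a retransmission would be).
CIPHERTEXT = (b"GSGCQBRFAGRAPELCGBHEGENSSVPFBJRZHFGQVFTHVFRBHESYNTGENAFSRE."
              b"SVTHERBHGNJNLGBUVQRGURSYNTNAQVJVYYPURPXONPXSBEGURCYNA.")
SAMPLE = [
    struct.pack("!H", WRQ) + b"instructions.txt\x00octet\x00",
    struct.pack("!HH", ACK, 0),
    data_packet(1, CIPHERTEXT),
    data_packet(1, CIPHERTEXT),
    struct.pack("!HH", ACK, 1),
]

def decode_sample():
    name, mode, content, complete = reassemble_tftp(SAMPLE)
    return name, complete, codecs.decode(content.decode("ascii"), "rot13")

if __name__ == "__main__":
    print(decode_sample())
```

The `complete` flag is false when the short final block is missing from the capture, which is worth checking before running `steghide` on an extracted image.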