MQCyberSec

MQCyberSec Logo

MQCyberSec
Back to Writeups

Are you sure that's all?

by sealldev & finnersio
🚩 CTFs SecEdu CTF 2024 forensics
Suggested: #network-forensics
Are you sure that's all? / SecEdu CTF 2024
Are you sure that's all?

Description

We've captured a section of network traffic from ORG-A. Can you make sure that no sensitive data is being transmitted in plaintext? We can find some interesting details on the transmitted data by following the TCP stream. What kind of file does this reveal?

Original Writeup on seall.dev

Opening up the PCAP file there are only a couple packets, and they are all part of the one stream. Right-clicking on any of the packets we can follow the TCP stream.

Immediately we see some data at the top the stream showing a PDF file was sent:

notquiteall

We can extract the data by clicking Show data as: Raw and Save as, saving the data as a PDF file.

Opening up the PDF, the flag is in the top left.

notquiteallpdf

Flag: SECEDU{s0m3_empl0y33_b3n3fit5}

Related Writeups

Chunked Integrity

This is one of my favorite images! Unfortunately something has gone wrong and I cant see the whole thing, can you help f ...

Just Packets

Here pcap. Find flag.

Keeping on Schedule

One of our computers on the company network had some malware on it. We think we cleared of the main payload however it c ...

Share this writeup

Contribute

Found an issue or want to improve this writeup?

Edit on GitHub