Problem 1

Introduction:

Given is a Wireshark Capture File that has been captured in a coffee shop.

Tools Used:

Wireshark, Google (research about Wireshark & exporting an HTTP object from Wireshark)

Analysis:

In this screenshot (packets 6, 8, 10, 12), we can clearly see that the user is logging into an FTP server with the following credentials:
USER=0ffs3cUs3r3
PASS=very_secret_password
Since FTP is usually a clear-text protocol, the credentials are transmitted without encryption unless the server uses SSL/TLS (FTPS) or some other protocol to encrypt the data.

In packet 24, the user is uploading a JPEG file (flag.jpg) over HTTP. In packets 25 to 29, we can see the data being transmitted in segments, which are finally reassembled in packet 30. Since, again, the data is transmitted without encryption, we are able to recover flag.jpg by exporting the HTTP object.

Contents of flag.jpg:

Steps Taken:

  1. Downloading and installing Wireshark.
  2. Understanding the colors of each packet in Wireshark.
  3. Looking for hidden data in the .pcap file.
  4. Finding flag.jpg and exporting it as an HTTP object (File -> Export Objects -> HTTP...).

Problem 2

Introduction:

Given is a .wav file that doesn't contain only sound.

Tools used:

Spectrum Analyzer: https://academo.org/demos/spectrum-analyzer/

Analysis:

Upon uploading the sound.wav file, we can see its spectrum containing the flag on the website.

By playing the audio completely, we can get the contents of the flag.

flag: e5353bb7b57578bd4da1c898a8e2d767

The flag looks like an MD5 hash.

Steps Taken:

  1. Opening the sound.wav on Spectrum Analyzer.
  2. Noting down the flag.

Problem 3

Introduction:

Given is an encrypted text file which contains whitespace characters.

Tools Used:

Microsoft VS Code (visualization of tabs and spaces), Binary Text to ASCII (https://www.rapidtables.com/convert/number/binary-to-ascii.html)

Analysis:

Viewing the file in VS Code, we can see that there are two characters - tab and space.

Replacing spaces with 0 and tabs with 1 and grouping 8 bits of Binary, we get something that looks like this:

Running this through a Binary to Text Translator, we capture the flag:

flag: csi{not_all_spaces_are_born_the_same}

Steps Taken:

  1. Replacing space with 0 and tabs with 1.
  2. Grouping 8 bits of Binary and delimiting them with spaces.
  3. Running them through a Binary to Text Translator and capturing the flag.
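
The three steps above as a script, added here as an example and not part of the original write-up. The function names and the sample message are constructed for illustration; it goes slightly beyond the steps by also trying the inverted mapping (tab = 0, space = 1) and by ignoring newlines or other characters mixed into the file.

```python
import string

SPACE, TAB = " ", "\t"
PRINTABLE = set(string.printable)


def decode_whitespace(text, zero=SPACE, one=TAB):
    """Map `zero` -> 0 and `one` -> 1, group the bits in 8s, decode as ASCII."""
    # Only the two carrier characters count; newlines and visible text are skipped.
    bits = "".join("0" if ch == zero else "1" for ch in text if ch in (zero, one))
    if not bits or len(bits) % 8:
        raise ValueError(f"{len(bits)} carrier characters is not a multiple of 8")
    raw = bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))
    return raw.decode("ascii")  # raises UnicodeDecodeError (a ValueError) if > 0x7f


def decode_auto(text):
    """Try both mappings and return [(mapping, plaintext)] for printable results."""
    results = []
    for name, zero, one in (("space=0,tab=1", SPACE, TAB),
                            ("tab=0,space=1", TAB, SPACE)):
        try:
            plain = decode_whitespace(text, zero, one)
        except ValueError:  # wrong bit count or non-ASCII bytes: wrong mapping
            continue
        if all(c in PRINTABLE for c in plain):
            results.append((name, plain))
    return results


def encode_whitespace(message, width=32):
    """Inverse of decode_whitespace; used only to build the constructed sample."""
    bits = "".join(f"{b:08b}" for b in message.encode("ascii"))
    carrier = bits.translate(str.maketrans("01", SPACE + TAB))
    return "\n".join(carrier[i:i + width] for i in range(0, len(carrier), width))


# Constructed sample input (not the challenge file).
SAMPLE = encode_whitespace("csi{constructed_sample}")

if __name__ == "__main__":
    for mapping, plaintext in decode_auto(SAMPLE):
        print(mapping, "->", plaintext)
```

To run it on a real file, pass `open(path, newline="").read()` to `decode_auto` so that the editor or platform does not alter the whitespace first.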