Category : Forensic
Points : 663
Team : Sec-Pol.Cdt


We intercept the attack traffic and we know that there is a message in packets encoded in some tricky way. Can you help us decode it?




First, after opening the pcap file, I check File > Export Objects to see whether there is anything to extract, but this challenge has nothing to export.

After that, I look at Conversations to see how many conversations are in this network capture, and I find something weird: this challenge has only 1 conversation.

I also notice that everything in this conversation is TCP only.

That leads me to look at the lengths: not the full length of each packet, but only the TCP length, because on a careful look none of the TCP lengths goes over about 124.

tcp.len may be hard to find in the default view.

So I add a new column for tcp.len.

Right-click on the column header beside Info to open the menu, then click Column Preferences.

In the window that opens, click the plus sign to add a new column.

Rename it, set the Fields column to tcp.len, and then look at the packet list.

Can you tell me what you see?

That looks like ASCII codes, right?

Let's try decoding a few of them as ASCII to see what we get.

('T', 'h', 'i', 's')

OK, I think this is the right way, so I export it to CSV and decode it.

I copy only the tcp.len column into a text file and use Python code to decode all of it.

[Screenshots: CSV_output, TCP.LEN_output]

f = open('wire.txt', "r").readlines()
for i in f:
    # each line is one tcp.len value: print it as an ASCII character
    print(chr(int(i)), end='')

And this is the output.

❯ python3
This sentence has five words. Here are five more words. Five-word sentences are fine. But several together become monotonous. Listen to what is happening. The writing is getting boring. The sound of it drones. It is like a stuck record. The ear demands some variety. Now listen. I vary the sentence length, and I create music. Music. The writing sings. It has a pleasant rhythm, a lilt, a harmony. I use short sentences and I use flag AFFCTF{TCPDUMP_Never_Disappoints}. And I use sentences of medium length. And sometimes, when I am certain the reader is rested, I will engage him with a sentence of considerable length, a sentence that burns with energy and builds with all the impetus of a crescendo, the roll of the drums, the crash of the cymbals sounds that say listen to this, it is important.

And we get the flag.
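The same decoding can be done without the Wireshark column and CSV export by computing tcp.len straight from the capture. This is an added example, not part of the original writeup: it assumes a classic pcap file (not pcapng) with Ethernet/IPv4 framing, and build_sample_pcap is a hypothetical helper that constructs a sample capture in memory so the script runs without the challenge file.

```python
import struct

def tcp_payload_lengths(pcap: bytes):
    """Yield tcp.len (TCP payload bytes) per Ethernet/IPv4/TCP frame in a classic pcap."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00":
            continue                           # not IPv4, or too short for IP+TCP
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6 or len(ip) < ihl + 20:
            continue                           # not TCP, or truncated headers
        total_len = struct.unpack("!H", ip[2:4])[0]
        data_offset = (ip[ihl + 12] >> 4) * 4
        # Use the IP total length, not the frame size, so Ethernet padding is not counted.
        yield total_len - ihl - data_offset

def decode_lengths(lengths):
    # Assumption: only printable ASCII lengths carry a symbol; zero-length
    # segments (handshake, pure ACKs) and anything else are skipped.
    return "".join(chr(n) for n in lengths if 32 <= n < 127)

def build_sample_pcap(message: str) -> bytes:
    """Constructed sample: one TCP segment per character, payload length = ord(char)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ch in "\0" + message:                  # leading empty segment mimics an ACK
        payload = b"A" * ord(ch)
        tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    sample = build_sample_pcap("This sentence has five words.")
    print(decode_lengths(tcp_payload_lengths(sample)))
```

To run it on a real capture, read the file with open(path, "rb").read() and pass the bytes to tcp_payload_lengths.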


author : Suppapan S.