Wargames.MY CTF 2024 — Forensic: I Cant Manipulate People (50 pts)

Forensic - I Cant Manipulate People (50 pts)

Description

Partial traffic packet captured from hacked machine, can you analyze the provided pcap file to extract the message from the packet perhaps by reading the packet data?

Author: Ap0k4L1p5

Hint : Attacker too noob to ping not in sequence

Solution

We were given a traffic.pcap file. Based on the hint, we start by analyzing the pcap file.

The capture contains a lot of ping requests. Taken together, the last bytes of the first 4 packets spell “WGMY”, the flag format. So we need to extract the last byte of each ICMP packet.

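from scapy.all import rdpcap, ICMP

def extract(pcap_file):
    # Load every packet from the capture, in capture order
    packets = rdpcap(pcap_file)

    for packet in packets:
        # Only ICMP packets carry the hidden data
        if ICMP in packet:
            # Bytes that follow the ICMP header (the ping data)
            raw_data = bytes(packet[ICMP].payload)
            if raw_data:
                # The last byte of each payload is one character of the flag
                last_byte = raw_data[-1]
                print(chr(last_byte), end='')

extract("traffic.pcap")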
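
The same extraction, generalized so it does not depend on capture order, as an added example that is not part of the original writeup: it keeps only echo requests, trims Ethernet padding using the IP total length, and orders characters by ICMP sequence number. It assumes a classic pcap file with Ethernet/IPv4 framing and a single ping session whose sequence numbers do not wrap; the function names and the sample capture are constructed for illustration.

```python
import struct

def icmp_echo_last_bytes(pcap: bytes) -> str:
    """Rebuild text hidden in the last payload byte of ICMP echo requests."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    found = {}  # ICMP sequence number -> last payload byte
    off = 24    # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Keep only Ethernet II / IPv4 / ICMP frames.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 1:
            continue
        ihl = (frame[14] & 0x0F) * 4
        total_len = struct.unpack("!H", frame[16:18])[0]
        # Slice by the IP total length so Ethernet padding is not read as data.
        icmp = frame[14 + ihl:14 + total_len]
        # Type 8 is echo request; replies (type 0) echo the same payload back.
        if len(icmp) <= 8 or icmp[0] != 8:
            continue
        seq = struct.unpack("!H", icmp[6:8])[0]
        found.setdefault(seq, icmp[-1])  # first copy wins on retransmits
    return "".join(chr(found[s]) for s in sorted(found))

def build_sample(chars_by_seq) -> bytes:
    """Constructed capture: an echo request and its reply per (seq, char)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for seq, ch in chars_by_seq:
        payload = b"A" * 15 + ch.encode()
        for icmp_type in (8, 0):
            icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 1, seq) + payload
            ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0,
                             64, 1, 0, b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
            frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + icmp + b"\x00" * 4
            out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    # Constructed sample, deliberately out of sequence order.
    print(icmp_echo_last_bytes(build_sample([(3, "M"), (1, "W"), (4, "Y"), (2, "G")])))
```
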

Flag

WGMY{1e3b71d57e466ab71b43c2641a4b34f4}