Hacking Series Part 16

Challenge: WebNet0

Category: Forensics

We are given a Wireshark packet capture file called “capture.pcap” and an RSA key called “picopico.key”. When you open capture.pcap in Wireshark you see a TLS stream that is likely to hold the flag somewhere in it.

When you follow the TLS stream, you can tell that it’s obviously encrypted since that is the job of the protocol. You can still make out a few headers, but none of these contain relevant information to find the flag. Using the given key file, we can decrypt the TLS stream by setting an RSA key in Wireshark’s TLS preferences.

To find the preferences for the TLS protocol, go to Edit > Preferences > Protocols > TLS > RSA keys list. Then add a key to the list and press OK for all preferences windows.

Now, if you go back and try to follow the TLS stream again, you will see the decrypted stream.

In the Pico-Flag header, the flag is found.

picoCTF{nongshim.shrimp.crackers}

some chaos for you

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Monthly Briefing of AOS Privacy Public Chain (Oct, 2020)

New Video — “Fend Off Cybercrime by Episodic Memory”

{UPDATE} Arcade Bowling™ Hack Free Resources Generator

{UPDATE} 777 Classic Slots Galaxy Hack Free Resources Generator

Announcing RAZE Pre-mainnet Staking Event

You will be surprised by what your Tweets may reveal about you and your habits

October 2021 — BinStarter Roadmap

How to spot a phishing email?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
9710810511512197

9710810511512197

some chaos for you

More from Medium

Kubernetes SSL Certificate Issue: “certificate resource is not owned by this ingress.

Why do Deserialization Vulnerabilities occur?

Deserialization Vulnerability From A Developer’s Perspective

Tutela Windows Agent now ships with Forensics and in-built IDS