Hacking Series Part 16

Challenge: WebNet0

Category: Forensics

We are given a Wireshark packet capture file called “capture.pcap” and an RSA key called “picopico.key”. When you open capture.pcap in Wireshark you see a TLS stream that is likely to hold the flag somewhere in it.

When you follow the TLS stream, the contents are encrypted, as you would expect from the protocol. You can still make out a few headers, but none of them contain information that helps find the flag. Using the given key file, we can decrypt the TLS stream by setting an RSA key in Wireshark’s TLS preferences.

To find the preferences for the TLS protocol, go to Edit > Preferences > Protocols > TLS > RSA keys list. Then add the key to the list and press OK in each of the preferences windows.

Now, if you go back and try to follow the TLS stream again, you will see the decrypted stream.

The flag is in the Pico-Flag header.




