We are given a file named Forensic_Encryption. After some analysis, I found that it should be a ZIP file, so change the first two bytes to 504B.
The ZIP file contains three files (file_1, file_2, file_3).
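The header repair described above, as an added example that is not part of the original write-up: it confirms the file is a ZIP from its end-of-central-directory record, then restores the first two bytes to 50 4B. The sample archive, the zeroed damaged bytes and all function names are assumptions made for illustration.

```python
import io
import struct
import zipfile

LOCAL_SIG = b"PK\x03\x04"    # local file header, begins with bytes 50 4B
CENTRAL_SIG = b"PK\x01\x02"  # central directory file header
EOCD_SIG = b"PK\x05\x06"     # end of central directory record


def looks_like_zip(data: bytes) -> bool:
    """True if the trailing ZIP structures survive, whatever the first bytes say."""
    pos = data.rfind(EOCD_SIG)
    if pos < 0 or len(data) - pos < 22:
        return False
    # EOCD offset 10: total entries (2), central dir size (4), central dir offset (4)
    entries, _cd_size, cd_offset = struct.unpack_from("<HII", data, pos + 10)
    return entries > 0 and data[cd_offset:cd_offset + 4] == CENTRAL_SIG


def repair_magic(data: bytes) -> bytes:
    """Restore the first two bytes to 50 4B when only they were altered."""
    if data[:4] == LOCAL_SIG:
        return data
    if data[2:4] != LOCAL_SIG[2:] or not looks_like_zip(data):
        raise ValueError("not a ZIP with a damaged 2-byte magic")
    return b"PK" + data[2:]


def build_sample() -> bytes:
    """Constructed sample: a three-member ZIP whose first two bytes are zeroed."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("file_1", "file_2", "file_3"):
            zf.writestr(name, b"constructed placeholder content")
    return b"\x00\x00" + buf.getvalue()[2:]


def read_member(data: bytes, name: str) -> bytes:
    """Extract one member; fails on a damaged local header signature."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.read(name)


if __name__ == "__main__":
    damaged = build_sample()
    print(damaged[:4].hex(), looks_like_zip(damaged))
    print(read_member(repair_magic(damaged), "file_1"))
```
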
It looks like a JPG file. After taking a look at its bytes, I found an ASCII string.
Base64-decode it.
It is a password-protected ZIP file.
Unzip it with the password we got from file_1, and we get key.txt:
src 192.168.30.211 dst 192.168.30.251
proto esp spi 0xc300fae7 reqid 1 mode transport
auth hmac(sha1) 0x2f279b853294aad4547d5773e5108de7717f5284
enc cbc(aes) 0x9d1d2cfa9fa8be81f3e735090c7bd272
sel src 192.168.30.211/32 dst 192.168.30.251/32
src 192.168.30.251 dst 192.168.30.211
proto esp spi 0xce66f4fa reqid 1 mode transport
auth hmac(sha1) 0x3bf9c1a31f707731a762ea45a85e21a2192797a3
enc cbc(aes) 0x886f7e33d21c79ea5bac61e3e17c0422
sel src 192.168.30.251/32 dst 192.168.30.211/32
The file contains ESP packets. It seems they can be decrypted with the information given in file_2.
We can see the decrypted packets now, and I found HTTP packets that contain the flag.
But the flag is encrypted! After some research, we found that it was encrypted with the Navy M3/M4 Enigma machine.
So we can simply decrypt it!