Press "Enter" to skip to content

Category: TMCTF

[TMCTF] – Analysis-offensive 100

Solution Given Forensic_Encryption file. After have some analysis, found that it should be an zip file. So, change the first two bytes to 504B The zip file contains three file(file_1, file_2, file_3).   file_1: It seems like an jpg file. And after take a look at its bytes. i have found that a ascii string

Base64 decode it

  file_2: It is an zip file with password protected. unzip it with password we have got in file1. And we got key.txt

  file_3: The file contains the ESP packets. It seems it can be decrypt by the information given in file_2. We can see the decrypted packet now. And i found there are http packet contains the flag But the flag are encrypted! After have some research. We found that it is encrypted by the navy m3/m4 enigma machine So, we can simply decrypt it! TMCTF{RISINGSUNANDMOON}

Leave a Comment

[TMCTF] – Forensic100

Question Given an pcap file which contains a lot of DNS traffic record. It seems the domain is so strange! Solution: My idea is extract all the domain out first.

output:

Second, decode it with base58. TMCTF{DNSTunnelExfil}

Leave a Comment