Forensic – Black Technology Royal

Solution: We can take a look in the first HTTP packet: The value of parameter x are start with 424d , It is header of bmp file. But there’re a lot of http packet. So my idea is to write a script to extract all the value out. Solution Script

from scapy.all import *
import scapy_http.http as http
import requests
import json
import dpkt


output = ""

pkts = rdpcap('C:\\Users\\Admin\\Desktop\\cap.pcap')
for p in pkts:
	if p.haslayer('HTTPRequest'):
		rawData = p.getlayer(Raw).load
		if "&amp;x=" in rawData:
			output = output + rawData[rawData.find("x="):].replace("x=","")
	
with open("flag.bmp","wb") as f:
	f.write(output.decode('hex'))
	f.close()

from scapy.all import *

import scapy_http.http as http

import requests

import json

import dpkt

output = ""

pkts = rdpcap('C:\\Users\\Admin\\Desktop\\cap.pcap')

for p in pkts:

if p.haslayer('HTTPRequest'):

rawData = p.getlayer(Raw).load

if "&x=" in rawData:

output = output + rawData[rawData.find("x="):].replace("x=","")

with open("flag.bmp","wb") as f:

f.write(output.decode('hex'))

f.close()

Output

ASIS CTF Quals 2018 by ASIS Online

2018-04-29 02:00am ~ 2018-05-01 02:00am (GMT+08:00)
[ Duration: 2 Days 0 Hours ]

Register Status: Open
★ Descriptions ★
This is a Jeopardy-style CTF, and the problems are organized in categories like general security information (Trivia), web hacking, modern cryptography, exploit, forensics, reverse engineering, misc and etc.
Click here to access CTFTime for this event

Read less

Game of Pwners by gameofpwners Offline

2018-05-05 02:00am ~ 2018-05-05 08:00am (GMT+08:00)
[ Duration: 0 Days 6 Hours ]

Register Status: Open
★ Descriptions ★
The purpose of Game of Pwners, enhance awareness of Cyber Security Game of Pwners is a Capture the Flag competition which is organized by Octosec & CanYouPwnMe.
The competition that will be arranged is being prepared as a maraton. The first phase is just a warm-up containing some basic and informative questions about the teams which are registered to Game of Twners. After completing the warm-up part, the teams will compete in the real competition. At the end of the competition, the teams which can have a degree in the starting eight, they will have an opportunity to be involved the Cyber Fight Club Project.
They will struggle in their professional area to be part of the summit challenge.
In addition to the awards of competition, it will open the doors to work and internship offers for the teams that are involved in the starting eight !
Click here to access CTFTime for this event

Read less

PlaidCTF 2018 by Plaid Parliament of Pwning Online

2018-05-05 04:00am ~ 2018-05-06 16:00pm (GMT+08:00)
[ Duration: 1 Days 12 Hours ]

Register Status: Open
★ Descriptions ★
Plaid CTF :: Hosted by Plaid Parliament of Pwning
Click here to access CTFTime for this event

Read less

Tag: Forensic

[CSAW2017] – Missed Registration

[Bugs Bunny] For80 – 80pt