Leetmore CTF 2012: Packets 200 (Epic Arc Pt. 2)

This entry was posted on Oct 18 2012

From the URL we extracted in Part I of the challenge, we got a second Wireshark capture log. The task was again to provide the MD5 hash of the file being transferred.

Opening it in Wireshark, we found that it was an FTP transfer log.

Right-clicking on the highlighted entry and selecting “Follow TCP Stream” extracts the entire data transfer. Because FTP opens a new TCP connection as soon as the file transfer begins and closes it as soon as the transfer ends, capturing that TCP session ensures that ONLY the file bytes are taken out, nothing else.

We saved the raw bytes thus extracted in a file, the MD5 of which was our flag for this challenge.

Solution: 77F92EDB199815B17E2FF8DA36E200DF
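The same extraction can be done without the GUI. The following is an added example, not code from the original post: it reassembles the payload of one TCP flow from a capture and hashes it, using a small constructed capture. The function names, the constructed packets and the choice of source port 20 for the data connection are assumptions; it expects a classic little-endian pcap with Ethernet/IPv4 framing.

```python
import hashlib
import struct

def ftp_data_md5(pcap: bytes, data_port: int) -> str:
    """MD5 of the TCP payload sent from source port data_port.
    Assumes classic little-endian pcap (not pcapng), Ethernet/IPv4, no
    sequence wraparound, and retransmits that repeat a segment exactly."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    segments = {}  # TCP sequence number -> payload
    off = 24  # skip the pcap global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # too short, or not IPv4 carrying TCP
        ihl = (frame[14] & 0x0F) * 4
        ip_total = struct.unpack_from("!H", frame, 16)[0]
        tcp = frame[14 + ihl:14 + ip_total]  # slicing by IP length drops Ethernet padding
        if len(tcp) < 20:
            continue
        sport, _dport, seq = struct.unpack_from("!HHI", tcp, 0)
        payload = tcp[(tcp[12] >> 4) * 4:]  # skip TCP header and options
        if sport == data_port and payload:
            segments.setdefault(seq, payload)  # keep first copy of a retransmit
    stream = b"".join(segments[s] for s in sorted(segments))
    return hashlib.md5(stream).hexdigest().upper()

def _frame(sport, dport, seq, payload):
    """Constructed Ethernet/IPv4/TCP frame; checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
    return bytes(12) + b"\x08\x00" + ip + tcp + payload

def build_sample_pcap():
    """Constructed capture: one control line, then data out of order plus a retransmit."""
    frames = [_frame(21, 40000, 1, b"150 Opening BINARY mode data connection\r\n"),
              _frame(20, 40001, 1006, b"-FILE"),
              _frame(20, 40001, 1000, b"SAMPLE"),
              _frame(20, 40001, 1000, b"SAMPLE")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(ftp_data_md5(build_sample_pcap(), 20))
```

Selecting by the data connection's source port keeps the control-channel replies out of the hash, which is the same separation "Follow TCP Stream" gives in Wireshark.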