Network Detective [Unbreakable 2023]

writeup by: H0N3YP0T
  • Open the network-detective capture with Wireshark
  • Open the HTTP packet
  • HTTP does not encrypt data, so we should see the following result:

wireshark capture

  • The X-HERE header is an unusual header. Furthermore, its data is quite suspicious and looks like a ROT cipher, because if we shift by 1 to the right, DUG gives CTF, which is the flag format.
  • Go to rot-cipher and enter the data string
  • Select ROT 1 (which is equal to a shift of one to the right)
  • Select full ASCII table
  • Here you go :)

get the flag
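
The same decoding done offline, as an added example that is not part of the original writeup: it pulls the X-HERE value out of a raw HTTP message and tries every rotation over the printable ASCII range, keeping the ones whose output starts with the CTF flag prefix. The request, the header value and the function names are constructed for illustration, and treating "full ASCII table" as the 95 printable characters (0x20 to 0x7E) is an assumption.

```python
# Assumption: the "full ASCII table" option rotates over printable ASCII only.
PRINTABLE_LO, PRINTABLE_HI = 0x20, 0x7E
SPAN = PRINTABLE_HI - PRINTABLE_LO + 1  # 95 characters

# Constructed sample request; the real header value is in the challenge capture.
SAMPLE_HTTP = (
    "GET / HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "X-HERE: DUG|fybnqmf`gmbh~\r\n"
    "\r\n"
)


def header_value(raw, name):
    """Return the value of the first header called `name` (case-insensitive)."""
    head = raw.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the request/status line
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == name.lower():
            return value.strip()
    return None


def rot(text, shift):
    """Rotate printable ASCII characters by `shift`; leave other bytes untouched."""
    out = []
    for ch in text:
        code = ord(ch)
        if PRINTABLE_LO <= code <= PRINTABLE_HI:
            code = PRINTABLE_LO + (code - PRINTABLE_LO + shift) % SPAN
        out.append(chr(code))
    return "".join(out)


def find_flag(ciphertext, prefix="CTF"):
    """Try every signed shift and return (shift, plaintext) pairs matching the prefix."""
    half = SPAN // 2
    hits = []
    for shift in range(-half, half + 1):
        candidate = rot(ciphertext, shift)
        if candidate.startswith(prefix):
            hits.append((shift, candidate))
    return hits


if __name__ == "__main__":
    value = header_value(SAMPLE_HTTP, "X-HERE")
    for shift, plaintext in find_flag(value):
        print(f"shift {shift:+d}: {plaintext}")
```

Trying every shift avoids having to guess which direction a given tool calls "ROT 1".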