sums-up [Unbreakable 2024]

network
writeup by: H0N3YP0T

Challenge Description

Our SOC analysts saw some strange DNS traffic. Wanted you to figure out what was exfiltrated, can you check it and sum it up?

Intuition

Since it is a .pcap, let's open it using Wireshark, and we notice a lot of DNS requests to different websites. I am used to this kind of challenge and I started to scroll down to search for some patterns, since the capture is small.

Solution

I immediately noticed the flag pattern by scrolling down. The flag starts at the Google request and continues with Amazon, Facebook, …

Flag

ctf{4cp_4nd_4dp_ch3cksum5_4r3_3v1l_pr00v3_m3_wr0ng_jhunidr}