PicoCTF 2019 - WebNet0


WebNet0

Information

Points Category Level
350 Forensics Easy

Challenge

We found this packet capture and key. Recover the flag. You can also find the file in /problems/webnet0_0_363c0e92cf19b68e5b5c14efb37ed786.

Hint

Try using a tool like Wireshark.

How can you decrypt the TLS stream?

Solution

By the name of the challenge I was almost sure that this pcap is a TLS connection with encrypted data. By now most of the TLS protocols and cipher suites are well encrypted, and without the private key we can’t decrypt the data, but in this challenge we do have the key!

So Google is our best friend:

pcap tls decrypt

and found this site, which tells about a tool called “ssldump” that seems to be pretty much what we need. But we need to decrypt a pcap file and not sniff and decrypt live traffic, so again I searched for:

ssldump pcap file

And found this [site](https://support.citrix.com/article/CTX116978)

This is the command we need! I installed ssldump and used the command:

ssldump -r capture.pcap -k picopico.key -d

Then I just scrolled down a little bit and this caught my eye. And we found the flag!
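A server private key passed to `ssldump -k` only decrypts sessions negotiated with RSA key exchange; (EC)DHE suites and TLS 1.3 need per-session secrets instead. The following added example (not part of the original writeup; the ServerHello bytes are constructed, and `build_hello` and `key_decrypts` are illustrative names) reads the chosen cipher suite from a ServerHello record to check this before attempting decryption.

```python
import struct

# A few IANA cipher suite IDs with their key-exchange family.
SUITES = {
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "rsa"),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", "rsa"),
    0x009C: ("TLS_RSA_WITH_AES_128_GCM_SHA256", "rsa"),
    0x009D: ("TLS_RSA_WITH_AES_256_GCM_SHA384", "rsa"),
    0x009E: ("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "dhe"),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ecdhe"),
    0xC030: ("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "ecdhe"),
    0x1301: ("TLS_AES_128_GCM_SHA256", "tls13"),
}

def server_hello_suite(record: bytes) -> int:
    """Return the cipher suite ID chosen in a TLS ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _ver, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rlen]
    if ctype != 22 or len(body) < rlen or len(body) < 4 or body[0] != 2:
        raise ValueError("not a complete ServerHello handshake record")
    # Handshake header (4) + version (2) + random (32) precede the session ID.
    off = 4 + 2 + 32
    if len(body) < off + 1:
        raise ValueError("truncated ServerHello")
    off += 1 + body[off]  # skip session_id length byte and session_id
    if len(body) < off + 2:
        raise ValueError("truncated ServerHello")
    return struct.unpack("!H", body[off:off + 2])[0]

def key_decrypts(record: bytes) -> bool:
    """True only if the server's RSA private key alone can decrypt the session.
    Suites missing from the table are treated as not decryptable."""
    _name, kx = SUITES.get(server_hello_suite(record), ("unknown", "unknown"))
    return kx == "rsa"

def build_hello(suite: int, session_id: bytes = b"") -> bytes:
    """Construct a minimal TLS 1.2 ServerHello record (sample input only)."""
    hs = (b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
          + struct.pack("!H", suite) + b"\x00")
    hs = b"\x02" + len(hs).to_bytes(3, "big") + hs
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for suite in (0x009D, 0xC030):
        rec = build_hello(suite, session_id=bytes(32))
        print(SUITES[suite][0], "-> key decrypts:", key_decrypts(rec))
```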

Flag

picoCTF{nongshim.shrimp.crackers}