WebNet1
Information
| Points | Category | Level |
|---|---|---|
| 450 | Forensics | Easy |
Challenge
We found this packet capture and key. Recover the flag. You can also find the file in /problems/webnet1_0_d63b267c607b8fedbae100068e010422.
Submit!
Hint
Try using a tool like Wireshark How can you decrypt the TLS stream?
Solution
I just did the same I did in the WebNet0 [Add Link] but now I couldnt see the flag immediatly so I pipe the output to file:
ssldump -r capture.pcap -k picopico.key -d > output
Now open the file in a text editor:
and just Ctrl+f and search the pico format:
But as it says it’s not the flag :-(
continue to the next found, and the next… and the next and found this:
And we found the flag!
Flag
picoCTF{honey.roasted.peanuts}