Writeup DG’hAck: Time for Something Different
This is a steganography challenge where we’re given a PCAP file. Opening it in Wireshark reveals a list of identical ICMP packets.
Nothing seems to be unique except the time of each packet, which we can extract using tshark:
… there isn’t anything that stands out. We could also look at the time delta in between each packet:
Hmm.. The first bit looks like binary, but decoding it gives nothing useful. Looking at the second and third lines, the deltas start with 70 and 76, which are the ASCII codes for F and L.
This is it: the first three chars of each delta, without the dot, represent ASCII codes. Let’s decode them:
The flag is t00sloWort00D3v1ou$.
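The decoding step described above, as an added example that is not the original author's script: it turns per-packet timestamps into deltas and reads one character from each. It assumes the deltas are in seconds with the ASCII code as the integer part (the "first three chars without the dot"); the timestamps and function names are constructed for illustration and do not come from the challenge PCAP.

```python
from decimal import Decimal

# Constructed sample: one epoch timestamp per packet, as a per-packet
# time column would look. Made-up values, not the challenge capture.
SAMPLE_TIMES = """\
1600000000.000000
1600000070.001532
1600000146.002403
1600000191.004613
1600000291.005717
1600000392.006667
1600000501.008540
1600000612.008952
"""


def deltas_from_times(text):
    """Return the gap to the previous packet for each timestamp (first gets 0)."""
    # Decimal keeps the microsecond digits exact; float would round them.
    times = [Decimal(t) for t in text.split()]
    if not times:
        return []
    return [Decimal(0)] + [b - a for a, b in zip(times, times[1:])]


def decode_deltas(deltas):
    """Read one character per delta from its integer part.

    Assumption: for printable ASCII (32-126) the integer part is the same
    value as the first three characters of the delta with the dot removed.
    """
    out = []
    for delta in deltas:
        code = int(delta)  # truncates toward zero
        # Skip the first packet's 0 delta and anything that is not printable
        # (jitter, retransmissions, out-of-order packets with negative gaps).
        if 32 <= code <= 126:
            out.append(chr(code))
    return "".join(out)


if __name__ == "__main__":
    print(decode_deltas(deltas_from_times(SAMPLE_TIMES)))
```

The same check works on a delta column directly: pass the values as `Decimal` objects to `decode_deltas`. Identical packets whose spacing keeps landing on printable ASCII values are a sign of a timing covert channel.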