bb

hack

hack

hack

hack

wireshark :)

filte , HTTP , look for msg

How did you all knew to search in HTML GET packages?

for wireshark - can filet http and find for message - get then decode

so here was me capturing the dowload rather than opening the file, wooooops

strings capture.pcap | grep -i "GET /" and the rest is on you.

Just don't overthink it its pretty much in plain sight. You just have to GET it right.

Quite hard, but doable (but not easy, at least medium IMO) Hint1: TG9hZCB0aGUgZG93bmxvYWRlZCBmaWxlIGluIHdpcmVzaGFyaw== Hint2: TG9vayBmb3IgR0VUIHBhY2thZ2VzIChwYXkgYXR0ZW50aW9uIHRvIHRoZSBtZXNzYWdlcykg Hint 3: VGhlIG1lc3NhZ2UgaXMgQmFzZTY0IGVuY29kZWQ=

thanks found it

Thanks for Base64 encoding your hints. SW4gV2lyZXNoYXJrIEkgdXNlZCAidGNwLnN0cmVhbSBlcSAwIiBhbmQgY2hhbmdlZCB0aGUgbnVtYmVyIDAgdW50aWwgSSBmb3VuZCB0aGUgbWVzc2FnZSBvZiBpbnRlcmVzdA==

Thanks for Base64 encoding your hints. SW4gV2lyZXNoYXJrIEkgdXNlZCAidGNwLnN0cmVhbSBlcSAwIiBhbmQgY2hhbmdlZCB0aGUgbnVtYmVyIDAgdW50aWwgSSBmb3VuZCB0aGUgbWVzc2FnZSBvZiBpbnRlcmVzdA==

i just solved it with manual filter, but i have one question. how we know when filter to http or udp or tcp or etc? where's found this clue?

you should read some networking stuff

HTTP is the application level protocol, so this can contain the meaningful information for us. In contrast, TCP/UDP chunks that information and create packets which is not very meaningful. As in this case you're looking for a flag, it's only possible that application layer protocols will contain the whole information.

Thank you, this comment was really helpful!