[PoliCTF 2015] [Forensics 100 – John in the middle] Write Up

Description

JOHN IN THE MIDDLE
100 Points
Can John hijack your surfin’? 🙂

Download

Resolution

There’s a pcap file attached to the challenge.
We open it with Wireshark and see multiple HTTP GET requests.
The best thing to do here is to extract all the files, so let’s have Wireshark handle it for us 🙂

The extracted page is the same as the PoliCTF home page, but… the logo isn’t the same size.

(85×85 for the online one, and 400×400 for the dumped one.)

We use Stegsolve to analyze the logo, and after playing with some color filters we are able to see clear text:

Flag is “flag{J0hn_th3_Sn1ff3r}”.
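
To show what a Stegsolve bit-plane view does to an extracted image, here is an added example (not part of the original write-up, and not Stegsolve's code) that decodes a PNG with the standard library and renders one bit of one colour channel. The write-up does not say which filter revealed the text or what format the logo was, so the PNG format, the choice of red channel bit 0, the constructed sample image and the names `decode_png`, `bit_plane` and `SAMPLE` are all assumptions.

```python
import struct, zlib

SIG = b"\x89PNG\r\n\x1a\n"

def chunk(kind, body):
    return struct.pack(">I", len(body)) + kind + body + struct.pack(">I", zlib.crc32(kind + body))

def decode_png(data):
    """Return (rows, bytes_per_pixel) for an 8-bit RGB/RGBA, non-interlaced PNG."""
    if data[:8] != SIG:
        raise ValueError("not a PNG")
    pos, idat = 8, b""
    while pos < len(data):
        size, kind = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + size]
        if kind == b"IHDR":
            w, h, depth, ctype, _, _, lace = struct.unpack(">IIBBBBB", body)
        elif kind == b"IDAT":
            idat += body
        pos += 12 + size
    if depth != 8 or ctype not in (2, 6) or lace:
        raise ValueError("unsupported PNG variant")
    bpp = 3 if ctype == 2 else 4
    raw, stride = zlib.decompress(idat), w * bpp
    prev, rows = bytearray(stride), []
    for start in range(0, h * (stride + 1), stride + 1):
        ftype, line = raw[start], bytearray(raw[start + 1:start + 1 + stride])
        for i in range(stride):  # undo the per-scanline filter (None/Sub/Up/Average/Paeth)
            a = line[i - bpp] if i >= bpp else 0
            b, c = prev[i], (prev[i - bpp] if i >= bpp else 0)
            paeth = min((a, b, c), key=lambda v: abs(a + b - c - v))
            line[i] = (line[i] + (0, a, b, (a + b) // 2, paeth)[ftype]) & 0xFF
        rows.append(line)
        prev = line
    return rows, bpp

def bit_plane(rows, bpp, channel, bit):
    """Render one bit of one channel as text, similar to a single bit-plane view."""
    return ["".join(".#"[r[x + channel] >> bit & 1] for x in range(0, len(r), bpp)) for r in rows]

# Constructed sample: flat grey 8x3 RGB image with a mark hidden in bit 0 of red.
MARK = ["#.#.#...", "###.#...", "#.#.#..."]
PIXELS = b"".join(b"\x00" + b"".join(bytes([0x80 | (c == "#"), 0x80, 0x80]) for c in row)
                  for row in MARK)
SAMPLE = SIG + chunk(b"IHDR", struct.pack(">IIBBBBB", 8, 3, 8, 2, 0, 0, 0)) \
    + chunk(b"IDAT", zlib.compress(PIXELS)) + chunk(b"IEND", b"")

if __name__ == "__main__":
    print("\n".join(bit_plane(*decode_png(SAMPLE), channel=0, bit=0)))
```

On a real extracted image, loop `channel` over 0..2 and `bit` over 0..7 and look for the plane that shows structure instead of noise.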
