2015, CTF

English [MMA 2015] [Forensics – stream…] Write Up

4 Comments

Description

We were given a file “stream“.

Resolution

We opened it with a hex editor and saw:
Windows XP Service Pack 3, build 26004Dumpcap 1.12.7 (v1.12.7-0-g7fc8978 from master-1.12)

Dumpcap is a software used to record network traffic, let’s see it !

We opened it with Wireshark (to make it more convenient you can rename the file with a .pcap extension).
In the packet #548 there’s a response from a Microsoft Media Server giving a media file.

To dump the media file :
File / Export objets / HTTP
Select the only one line and save the file (as “dump” for exemple).

Now upload this new file to a webserver.

Open VLC:
File / Media / Open network flux.
mms://URLtoYourWebserver/dump
Wait a few seconds and enjoy 🙂

stream

Flag is MMA{windows_xp_is_too_old_to_create_problem!!}

4 thoughts on “[MMA 2015] [Forensics – stream…] Write Up”

    1. Hello Diaa
      Strange, I tried what I wrote in the WU, and it’s working fine:
      – Download the .zip archive from the link above.
      – Extract the “stream” file.
      – Open it with Wireshark.

      Reply

  2. yup, works fine, i did’t know what happen with me, but now everything is fine now, Thanks WTF for your attention and really i liked your simplicity in all your blogs.

    Reply

    1. You’re welcome!
      We try at most to popularize how to solve the challenges.
      It’s good to know that the goal seems reached!
      Thank you 🙂

      Reply

Leave a Reply to Diaa Cancel reply

Your email address will not be published. Required fields are marked *