English [Google Capture The Flag 2016] [Forensics 250 – No Big Deal Part 2] Write Up

Description

No Big Deal – Part 2

250 points / Solved 35 times
Now for the fun part of this level – can you find the flag in this pcap

Resolution

So we had the flag before finishing the part 1.
Here is how we solved it.

laxa:tmp:12:41:54$ binwalk -e no-big-deal.pcap
laxa:tmp:12:41:54$ cd _no-big-deal.pcap.extracted/
laxa:_no-big-deal.pcap.extracted:12:42:19$ strings * | grep -i 'ctf'

And we find the following flag: CTF{how.did.you.find.this}

One thought on “[Google Capture The Flag 2016] [Forensics 250 – No Big Deal Part 2] Write Up”

  1. wow great job, it is the simplest solution I learned.
    I stuck on line 3 : strings * | grep -i ‘ctf’.
    The result I get is a bunch of “d%CTF”.
    I mean how did you parse the result into CTF{….etc.
    Thanks in advance.

Leave a Reply

Your email address will not be published. Required fields are marked *