[Google Capture The Flag 2016] [Forensics 250 – No Big Deal Part 2] Write UpDescription
No Big Deal – Part 2
250 points / Solved 35 times
Now for the fun part of this level – can you find the flag in this pcap
Resolution
So we had the flag before finishing the part 1.
Here is how we solved it.
laxa:tmp:12:41:54$ binwalk -e no-big-deal.pcap laxa:tmp:12:41:54$ cd _no-big-deal.pcap.extracted/ laxa:_no-big-deal.pcap.extracted:12:42:19$ strings * | grep -i 'ctf'
And we find the following flag: CTF{how.did.you.find.this}
wow great job, it is the simplest solution I learned.
I stuck on line 3 : strings * | grep -i ‘ctf’.
The result I get is a bunch of “d%CTF”.
I mean how did you parse the result into CTF{….etc.
Thanks in advance.