// k3ng
  • 👋
  • 2025
    • Cyber Jawara National 2024
      • Whale
      • Grayscale
      • Log4Shell
  • 2024
    • HTB University CTF 2024: Binary Badlands
      • Apolo
      • Freedom
      • Frontier Exposed
      • Wanter Alive
      • Armaxis
    • TSA Cyber Champion 2024
      • 101 - Forensics
      • eavesdropped
      • 101 - Web Exploitation
    • Cyber Jawara International 2024
      • prepare the tools
      • Sleeper
      • P2PWannabe
    • CTF Hology 7.0
      • give me
      • Books Gallery
    • TCP1P CTF 2024
      • doxxed
      • Lost Progress
    • Gemastik 2024 Finals
      • kode-viewer
Powered by GitBook
On this page
  • Challenge Description
  • Flag
  • Analysis
  • Solution
  • Solver Script
  1. 2024
  2. Cyber Jawara International 2024

prepare the tools

Last updated 6 months ago

Challenge Description

lets preparing our tools!

Flag

CJ{warm_up_for_your_scapy/pyshark/tshark}


Analysis

We are given a packet capture file for us to analyze. From the capture, we can see that the client's payload will have a format of flag[x] where x is the index requested from the flag. The server's response will simply return the character requested.

Solution

From this information, we now need to create a script to parse the characters based on the index. Then the flag will be shown somewhere on the output.

Solver Script

import re
from scapy.all import *

res = [""] * 10000
packets = rdpcap("preparingtools.pcapng")
index_found = False

for p in packets:
    if p.haslayer(TCP) and p.haslayer(Raw):
        if p.getlayer(TCP).flags == 0x18:
            if p.getlayer(Raw).load.startswith(b"flag["):
                index = int(p.getlayer(Raw).load[5:-1].decode("utf-8"))
                index_found = True
            elif index_found:
                  res[index] = p.getlayer(Raw).load.decode("utf-8")
                  index_found = False

print(re.findall(r"CJ{.*}", ''.join(res))[0])
Snippet of TCP stream