TG:HACK 2020 – s2s messaging Writeup
Intercepted ship to ship communication. Can you find the message?
This challenge also gives us a pcapng file.
Pcapng are generated by Wireshark and contain a history of packets sent and received by computers.
So, let’s start Wireshark to analyze the file. We go to Statistics -> Conversations and then we select the TCP tab to list all TCP connections.
We realize there is a particular interesting connection listed: the one where 1017000 bytes were sent and 48000 were received.
Probably it is some kind of file transference.
So, go ahead: select it and click Follow Stream… button in order to inspect the connection more closely.
We notice the data parameter stores a base64 string (because of / and + characters), so we will try to decode it:
echo "your_base_64_encoded_string" | base64 -d
The output is something illegible, but at the beginning you see that there is a PNG string, so our output is probably a png file.
Knowing this, you just need to decode the string again and save the results into a png file:
echo "your_base_64_encoded_string" | base64 -d > image.png
Then just open it normally and you will get the flag:
This challenge was solved by my team, ducks0ci3ty.