Affinity Lost Head Write Up
Well, they gave us a .pcapng file, so what else to do but open Wireshark.
We have DNS and TCP, but of course we will look at our beloved HTTP packets first, adding a quick http filter in Wireshark.
And we already see some interesting packets:
44 26.518465370 10.0.2.15 207.154.234.221 HTTP 383 GET /challenges.php HTTP/1.1
46 26.549133870 207.154.234.221 10.0.2.15 HTTP 295 HTTP/1.1 200 OK (text/html) (text/html)
48 26.576451635 10.0.2.15 207.154.234.221 HTTP 301 GET /favicon.ico HTTP/1.1
50 26.606350349 207.154.234.221 10.0.2.15 HTTP 378 HTTP/1.1 404 Not Found (text/html)
Well, we are solving a CTF, so common sense dictates that a request to challenges.php and the response to that request are always interesting. Here is the response (packet 46):
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Mon, 02 Nov 2020 12:08:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.2.24
X-Affinity: AFFCTF{DonT_TRusT_h34d3R2}
0
That packet has the flag hidden in the X-Affinity header.
EASY PEASY !!
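The manual step above (reading the response headers and spotting the odd one out) can be scripted. This is an added example, not part of the original write-up: it parses HTTP response header blocks out of a reassembled stream and reports headers outside a small allowlist, plus anything matching the flag format. The allowlist, the function names and the headers of the 404 response in the sample are assumptions made for the example.

```python
import re

# Headers treated as routine for this capture (assumed allowlist for the example).
COMMON = {"server", "date", "content-type", "content-length", "transfer-encoding",
          "connection", "x-powered-by", "cache-control", "etag", "last-modified"}
FLAG_RE = re.compile(rb"AFFCTF\{[^}]*\}")  # flag format as shown in the write-up
# Status line, zero or more header lines, then the blank line ending the block.
BLOCK_RE = re.compile(rb"HTTP/1\.[01] \d{3}[^\r\n]*\r\n(?:[^\r\n]+\r\n)*\r\n")

def parse_responses(stream: bytes):
    """Yield (status_line, [(name, value), ...]) per HTTP response header block."""
    for m in BLOCK_RE.finditer(stream):
        lines = m.group(0).decode("latin-1").split("\r\n")
        headers = []
        for line in lines[1:]:
            if ":" in line:
                name, value = line.split(":", 1)
                headers.append((name.strip(), value.strip()))
        yield lines[0], headers

def unusual_headers(stream: bytes):
    """Return (status_line, name, value) for every header not in COMMON."""
    return [(status, name, value)
            for status, headers in parse_responses(stream)
            for name, value in headers
            if name.lower() not in COMMON]

def find_flags(stream: bytes):
    """Return every flag-shaped string anywhere in the stream."""
    return [f.decode() for f in FLAG_RE.findall(stream)]

# Constructed sample: the 200 response from the write-up followed by a 404
# whose headers are invented for the example.
SAMPLE = (
    b"HTTP/1.1 200 OK\r\nServer: nginx/1.14.1\r\n"
    b"Date: Mon, 02 Nov 2020 12:08:41 GMT\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\n"
    b"Connection: keep-alive\r\nX-Powered-By: PHP/7.2.24\r\n"
    b"X-Affinity: AFFCTF{DonT_TRusT_h34d3R2}\r\n\r\n0\r\n\r\n"
    b"HTTP/1.1 404 Not Found\r\nServer: nginx/1.14.1\r\n"
    b"Content-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\n\r\n"
)

if __name__ == "__main__":
    for status, name, value in unusual_headers(SAMPLE):
        print(f"{status}: {name} = {value}")
    print(find_flags(SAMPLE))
```

To use it on the real capture, save the conversation from Wireshark's Follow TCP Stream view as raw bytes and pass the file contents in place of SAMPLE.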