Fl4g_Tr4nsf3r_Pr0t0c0l

Downloading Challenge Files

here is the executable file to download

253KB

Fl4g_Tr4nsf3r_Pr0t0c0l.rar

the file given is a pcapng extension so it should be opened with wireshark to analyze the traffic and try to extract informations

from the name we can know that we have to search for the traffic of ftp protocol so let's filter the traffic based on the ftp protocol

reading the traffic we can see that the user is transferring the flag through ftp protocol since the traffic of ftp is captured using wireshark we can extract the file transfered into our machine and take a look at its content

and now let's check if we have extracted this file and yes we did

let's read it's content and since it's combination contains only uppercase letters and numbers and ends with = sign it's likely to be a base32

let's decode this base32 and it gives us hex numbers

let unhex those hex numbers and it gives us a base64 result because the result is a combination of uppercase and lowercase characters and numbers and ends with = sign

note that if you dont have pwntools library installed in your machine you will not be able to use the unhex command so you can use online websites like cyberchef to unhex the hex numbers

let's decode the base64 and we get the flag

Flag

DEFENSYS{FTP_1S_N0T_S0_S3CUR3_4FT3R_4L1}

Greetings from Sayonara