ASIS CTF Finals 2015 - Big Lie (Forensics 100)

ASIS CTF 2015 Finals just took place over the weekend of 10,11 October 2015. The finals is open to all, however only qualified teams will be allowed to win the prizes. NUS Greyhats took part in it and solved a few challenges, this is our write-up for some of the challenges from ASIS CTF 2015 Finals.

Big Lie

Points:100 Category: Forensics

Find the flag.

MD5: c3037269053e61e10a2a2457051519c8

Our solution

We are given a pcap file and asked to find the flag. Opening up the pcap file with Wireshark, we then see many HTTP traffic conversations in it.

So, the first thing to do is to filter away redundant packets. I am only looking for HTTP requests URI with the word “asis” in it. http.request.uri contains asis

We can see this this weird piwik.php request made to a HTTP server, and there seems to be a pastebin url in the GET request.

Looking at all similar conversations, I found 3 such conversations.

The first one is:

The second one is:

The third one which gave us our flag is:

Throwing this into a text editor gives me:

And we have our flag: ASIS{e29a3ef6f1d71d04c5f107eb3c64bbbb}

comments powered by Disqus