private-coms
OSCN 2025
Category
Forensics / Network
Challenge Overview
Here we need to analyze a .pcap file. It's not that easy because the capture has 14k packets, so we should check only the things that matter.
I analyzed it and discovered a URB_BULK out packet with 122944 Bytes, which is a lot for a simple packet, so it's sus.

We also could've guessed it using the following Wireshark display filter:
ID3 is the standard header for an .mp3 file, visible in HEX View.
Copying the HEX Dump and going to CyberChef, we get an actual .mp3 file.
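
The same carving step can be done offline. The following is an added example, not part of the original write-up: it assumes the packet bytes were copied from Wireshark as a plain hex stream, locates the first ID3v2 header that validates (rejecting stray "ID3" byte sequences), and returns everything from that offset on. The function names and the `SAMPLE` bytes are constructed for illustration.

```python
def synchsafe(b: bytes) -> int:
    """Decode a 4-byte ID3v2 synchsafe integer (7 usable bits per byte)."""
    if any(x & 0x80 for x in b):
        raise ValueError("high bit set, not a synchsafe integer")
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]

def find_id3(data: bytes):
    """Return (offset, tag_length) of the first plausible ID3v2 tag, or None."""
    pos = data.find(b"ID3")
    while pos != -1:
        hdr = data[pos:pos + 10]
        # Header layout: "ID3", major version, revision, flags, 4-byte size
        if len(hdr) == 10 and hdr[3] in (2, 3, 4) and hdr[4] != 0xFF:
            try:
                return pos, 10 + synchsafe(hdr[6:10])
            except ValueError:
                pass  # size field invalid, so this "ID3" is a false positive
        pos = data.find(b"ID3", pos + 1)
    return None

def carve_mp3(hex_stream: str):
    """Return (mp3_bytes, has_frame_sync) carved from a hex stream, or None."""
    data = bytes.fromhex("".join(hex_stream.split()))
    hit = find_id3(data)
    if hit is None:
        return None
    start, tag_len = hit
    nxt = data[start + tag_len:start + tag_len + 2]
    # An MPEG audio frame begins with 11 set bits: 0xFF, then the top 3 bits set.
    has_sync = len(nxt) == 2 and nxt[0] == 0xFF and (nxt[1] & 0xE0) == 0xE0
    return data[start:], has_sync

# Constructed sample: stand-in leading bytes containing a decoy "ID3",
# then a real ID3v2.3 header (tag body of 10 bytes) and one MPEG frame header.
SAMPLE = (
    b"\x1b\x00ID3\xff\x00junk"
    + b"ID3\x03\x00\x00\x00\x00\x00\x0a" + b"\x00" * 10
    + b"\xff\xfb\x90\x00" + b"\x00" * 8
).hex()

if __name__ == "__main__":
    mp3, has_sync = carve_mp3(SAMPLE)
    print(len(mp3), "bytes carved, frame sync after tag:", has_sync)
```

To use it on the real capture, pass the copied hex stream to `carve_mp3` and write the returned bytes to a `.mp3` file; a `False` sync flag only means the audio does not start right after the tag, not that the carve failed.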

Then, going to a speech-to-text tool online or simply listening to the message in the audio, we get the flag.
Final Flag
ctf{13ce08ba071d475d51694c2e60719a1faaa7e13614e5fb9ac43927f43adcb1b}
Alternative
I guess that's not an intended approach, but we could simply run:
This shows we've got an .mp3 file embedded.
We can extract it using:
