In this challenge we have to handle a .pcapng file.
I firstly opene it in Wireshark.
Note: Wireshark is a powerful tool to analyze this type of files and complete challenges like this one.
I noticed a weird packet (No. 1887) came from
Source: host → Destination: 2.2.2.
At first glance it was something that seemed helpful, because we saw some encoded strings:
secret-antidote
SEF18C-1 TXT
SEA60A~1 TXT
but it was a really big bait and nothing helped me.
hint
1. Packet Length Clue
However something revealed me a way to the flag.
It was the Length of the packet, 576.
So I used:
and noticed the ones that have Source: 2.2.1 were what we were looking for because we see Morse Code there.
2. Extract Morse Code
We can simply extract them with a command like:
and using cyberchef to Steganography - Treasure Hunt CTFdecode it we get this message:
decoded morse
WE ARE MOVING AT DAWN, THE KEY FOR THE ANTIDOTE : GOLF OSCAR OSCAR DELTA NOVEMBER INDIA GOLF HOTEL TANGO GOLF OSCAR OSCAR DELTA LIMA UNIFORM CHARLIE KILO
3. Decode NATO Phonetic Alphabet
Notice that the first letter from the each word make up a sentance that makes sense
good-night-good-luck
(flag format is: word-word-word-word)
Also, after a bit of research it turned out to be NATO PHONETIC ALPHABET encoded.
