PentaHex

hideandpeek.pcap (35) - Clearsoc


This is OwnForAll's second dump of some of Herbert's activity, can we use this?


I opened the pcap file in Wireshark and looked through the types of traffic. I sorted by Protocol and found two HTTP packets, and that a PNG file was captured.

From here I attempted a variety of elaborate methods to get the PNG, including trying to recreate the file manually from the data and getting the PNG from the IP address in the browser (it is HTTP after all). I finally Googled it and found out that Wireshark has a nifty little feature to do this for us.

This brings us to a page where we are able to download the transferred image. Opening it up reveals the flag!

flag{you_g0t_m3_r3dHand3d!!}
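The manual route mentioned above (recreating the PNG from the captured data) can be sketched as follows. This is an added example, not part of the original writeup. It assumes the HTTP response has already been reassembled into one byte stream (for instance saved raw from a followed TCP stream); the sample bytes are constructed and the function names are hypothetical.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def chunk(ctype, data):
    """Build one PNG chunk: length, type, data, CRC-32 over type + data."""
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data))

def sample_stream():
    """Constructed input: a 1x1 grayscale PNG inside a reassembled HTTP response."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    png = PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(b"\x00\x7f")) + chunk(b"IEND", b"")
    head = b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\nContent-Length: %d\r\n\r\n" % len(png)
    return head + png, png

def http_body(stream):
    """Split headers from body and honour Content-Length when present."""
    head, sep, body = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("end of HTTP headers not found")
    length = len(body)
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            length = int(value.strip())
    if len(body) < length:
        raise ValueError("body shorter than Content-Length (missing segments?)")
    return body[:length]

def png_chunks(data):
    """Walk the chunk list, verify each CRC, and return the chunk types up to IEND."""
    if not data.startswith(PNG_SIG):
        raise ValueError("bad PNG signature")
    pos, types = len(PNG_SIG), []
    while pos + 12 <= len(data):
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        end = pos + 12 + length
        if end > len(data):
            break
        ctype, body = data[pos + 4:pos + 8], data[pos + 8:end - 4]
        if struct.pack(">I", zlib.crc32(ctype + body)) != data[end - 4:end]:
            raise ValueError("CRC mismatch in chunk %r" % ctype)
        types.append(ctype.decode("ascii"))
        if ctype == b"IEND":
            return types
        pos = end
    raise ValueError("PNG truncated before IEND")

if __name__ == "__main__":
    stream, _ = sample_stream()
    print(png_chunks(http_body(stream)))
```

A CRC mismatch or a missing IEND chunk usually means the stream was reassembled with lost or out-of-order segments, which is the common reason a hand-carved image fails to open.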