Image Upload

shark? wireshark..

HTTP is not secure. Inspect this packet dump and you will know why.

Find the packet related to an image upload and extract the image. Then, find the name of the creator of this image.

MD5 (dump.pcap) = 2565cf775ac71c217102ace91cc922ec

Author: daniellimws

We were given a pcap file, and immediately we went to fire up our trusty ol' Wireshark!

wireshark!!

From here we get to see a bunch of protocols, e.g. TCP, DNS, HTTP, TLS. At first, we followed this tutorial to try and extract images from a pcap file! Unfortunately, we didn't get to see what was expected 😒

no images extension? :(

Next, the challenge description gave us a hint that we should filter for HTTP! And so we did!

We noticed the (PNG) under the Info tab, so we tried to extract it by following the HTTP stream and then renaming the file with a .png extension.

Right click > Follow > HTTP Stream

Unfortunately, once again we didn't get the flag; we received an error saying "File is corrupted".

So, we went back to Wireshark and took a look at the payload under "MIME Multipart Media Encapsulation", and we found the flag under "Textual Data"!

flag!!!

Flag: grey{wireshark_exiftool_are_good}
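A followed HTTP stream saved as a file still carries the request headers and the multipart delimiters around the image bytes, so it does not start with the PNG signature, which is consistent with the "File is corrupted" error above. The sketch below is an added example, not part of the original writeup: it pulls the file part out of a raw multipart upload and lists the PNG `tEXt` chunks, the kind of textual data Wireshark displays. The function names, the boundary, the filename and the `Author` keyword are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def multipart_files(raw: bytes) -> dict:
    """Return {filename: bytes} for each file part of a raw multipart HTTP request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    boundary = None
    for line in head.split(b"\r\n"):
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-type" and b"boundary=" in value:
            boundary = value.split(b"boundary=", 1)[1].strip().strip(b'"')
    if boundary is None:
        raise ValueError("not a multipart request")
    files = {}
    for part in body.split(b"--" + boundary)[1:]:
        if part.startswith(b"--"):  # closing delimiter "--boundary--"
            break
        part_head, _, data = part.partition(b"\r\n\r\n")
        if b'filename="' in part_head:
            fname = part_head.split(b'filename="', 1)[1].split(b'"', 1)[0].decode()
            files[fname] = data.removesuffix(b"\r\n")  # CRLF belongs to the delimiter
    return files

def png_text_chunks(png: bytes) -> dict:
    """Walk the PNG chunk list and return {keyword: text} for every tEXt chunk."""
    if not png.startswith(PNG_SIG):
        raise ValueError("missing PNG signature (HTTP framing still attached?)")
    out, pos = {}, len(PNG_SIG)
    while pos + 8 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        data = png[pos + 8:pos + 8 + length]
        if ctype == b"tEXt":
            key, _, val = data.partition(b"\x00")
            out[key.decode("latin-1")] = val.decode("latin-1")
        pos += 12 + length  # length(4) + type(4) + data + CRC(4)
    return out

# Constructed sample: a 1x1 PNG with one tEXt chunk, wrapped in an upload request.
def _chunk(ctype: bytes, data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data))

SAMPLE_PNG = (PNG_SIG + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
              + _chunk(b"tEXt", b"Author\x00example-creator")
              + _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND", b""))
SAMPLE_REQUEST = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
                  b"Content-Type: multipart/form-data; boundary=XbOuNdArY\r\n\r\n"
                  b'--XbOuNdArY\r\nContent-Disposition: form-data; name="file"; filename="pic.png"\r\n'
                  b"Content-Type: image/png\r\n\r\n" + SAMPLE_PNG + b"\r\n--XbOuNdArY--\r\n")
```

To try it on a real capture, save the request side of the followed stream from Wireshark with "Show data as" set to Raw and pass the file's bytes to `multipart_files`.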

Am I considered a hackerman now?? 👉👈😞
