🔬
CTFs
  • 🚩nitrozeus's CTF Writeups
  • Tutorial
    • Install Windows 10 VM on M1 Mac
  • My Notes
    • Capture-The-Flag
      • Windows Forensics
      • Memory Forensics
      • Base32, Base64
      • Steganography
      • Email Analysis
      • Malware Analysis
      • MD4, MD5 Cracking
      • Social Engineering
      • OSINT
      • Google Dorking
      • Reconnaissance
      • Port Scan (nmap)
  • 2023
    • 🧠BrainHack CDDC 2023
      • Gallery
      • Eazy Network Analysis
      • What the hell happened to the PC?!
      • Audio Steganography
  • 2022
    • 🐱Grey Cat The Flag 2022
      • Parcel
      • Memory Game (Part 1)
      • Too Fast
      • Entry
      • Ghost
      • Firmware
      • Image Upload
      • flappy-js
    • ⛵STANDCON 2022
      • I Sea You (Part 1)
      • Locate Me
      • I Sea You (Part 2)
      • Trolley Trolling
      • A New Gateway
      • Walks like a cat, barks like a dog
      • Shark in the Ocean
      • Atlan Safe P1
      • Gift from Russia
      • Asmuth Shares
      • Memedump
      • Warmup Forensics
    • 🦁STACK the Flags 2022
      • Finding Nyan
      • New Task!
      • Hit you with that
      • Cobalt Struck
      • PyRunner
Powered by GitBook
On this page
  1. 2022
  2. STANDCON 2022

Shark in the Ocean

PreviousWalks like a cat, barks like a dogNextAtlan Safe P1

Last updated 2 years ago

Shark??? in the ocean??? Ayo?????

We were given a pcap file with little to no hints given. Naturally, we just looked filter for HTTP traffic but unfortunately, we did not find anything interesting

At this point, we looked at almost every protocol that were in the pcap file and we were not making any progress. Finding a needle in the haystack.

Flag: STANDCON22{W1R3SH4RK_EXP3RT?}

Challenge Files

A teammate of ours had an idea to filter for 22{ via . The reason being was because that is the last 3 characters of STANDCON22{} flag.

We kept on looking till we saw an interesting string, FGNAQPBA22{J1E3FU4EX_RKC3EG?}. It looked like a flag but obfuscated!

Additional Information: Here's a good on detecting ROT13 /Base64 encryption.

As we were analysing the string, we realised that it has a shift value of 13, and so, we figured that it is a cipher.

We went to and we managed to get the flag!!!

⛵
😲
packet bytes
resource
ROT13
🎉
CyberChef
😢
93MB
SHARK_IN_THE_OCEAN(1).pcapng
pcap dump