Approach
We are given a network capture file that we can examine using Wireshark. The file contained a large number of packets, so I decided to filter only the http traffic. Moving through the http packets, I saw that a zip file was downloaded.
I decided to export all http objects, and doing so I saw some hints.
Now it's clear that we have to find some encoded data and decode it with RC4 using the passphrase secret. Looking at the files, I found this string interesting in file data(8).
I just copied the text and tried to decode it using CyberChef.
It's clear that the string is indeed the flag, but some characters are not accurately represented, because the file holds raw bytes that do not survive being copied as text. To fix this, we can convert the encoded flag to hexadecimal format and then decode it.
┌──(n4ruto㉿iasad,me)-[~/CTFs/CyberHackathon/wormy]
└─$ cat data\(8\)
�Z�{����m�տ���C�X����3��b
┌──(n4ruto㉿iasad.me)-[~/CTFs/CyberHackathon/wormy]
└─$ cat data\(8\) | xxd -p
ab5ab37bf9f695926d8ed5bf819f8543c4581cbdb2809b1b403310b8ea041062
I put the hex into CyberChef, set the input format to hex, and we got the flag.
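The same decode can be done offline. The following is an added example, not part of the original write-up: a pure-Python RC4 that decrypts the hex from the xxd output above and also shows why the copied text failed. It assumes the passphrase is used as the UTF-8 bytes of "secret"; the function names are made up for this example.

```python
# Added example: RC4 over raw bytes vs. over bytes damaged by a text copy.
PAGE_HEX = "ab5ab37bf9f695926d8ed5bf819f8543c4581cbdb2809b1b403310b8ea041062"  # from xxd -p above
PASSPHRASE = b"secret"  # assumption: passphrase taken as UTF-8 bytes


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 is symmetric: the same call encrypts and decrypts."""
    # Key-scheduling algorithm (KSA): permute the state with the key.
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    # Pseudo-random generation (PRGA): XOR the keystream with the data.
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def lossy_text_copy(raw: bytes) -> bytes:
    """Simulate copy/paste of binary data as text: every byte sequence
    that is not valid UTF-8 is replaced by U+FFFD (the '?' glyphs in cat)."""
    return raw.decode("utf-8", errors="replace").encode("utf-8")


def demo() -> dict:
    ciphertext = bytes.fromhex(PAGE_HEX)    # exact bytes of data(8)
    damaged = lossy_text_copy(ciphertext)   # what a text copy carries
    return {
        "raw_len": len(ciphertext),
        "copy_is_lossy": damaged != ciphertext,
        "from_hex": rc4(PASSPHRASE, ciphertext),
        "from_text": rc4(PASSPHRASE, damaged),
    }


if __name__ == "__main__":
    result = demo()
    print("ciphertext bytes:", result["raw_len"])
    print("text copy altered the bytes:", result["copy_is_lossy"])
    print("decoded from hex :", result["from_hex"])
    print("decoded from text:", result["from_text"])
```

RC4 is a stream cipher, so every byte replaced during the copy shifts or corrupts the plaintext at that position, which is why the first attempt produced a partly readable flag.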