1. World Wide CTF - Journal

# World Wide CTF W/U ## Too Hidden ![image](https://hackmd.io/_uploads/rkwoCBYQkx.png) Ok, here we have a file `chall.pcapng`. *Wireshark time!* ![image](https://hackmd.io/_uploads/S1zukUFmye.png) Right away, we see a bunch of ICMP packets, aka Ping. Looking closely, we notice that the packets are almost identical except for the transmitted data. ![image](https://hackmd.io/_uploads/Hyz0xdtX1g.png) At a glance, it looks like ASCII. By collecting all the packet data and converting it to text, we get: ![image](https://hackmd.io/_uploads/rystJItmJl.png) ...yep, it's `Morse Code`. ![image](https://hackmd.io/_uploads/SJV91IKX1l.png) **Flag: WWF{HOLY_SHEEET_YOU_CAN_FIND_ME_?????????}** ## Forgot Password ![image](https://hackmd.io/_uploads/SJAJrwKm1l.png) The challenge provides `Evidence.ad1`. Based on the file extension, it's clear that we need to use **FTK Imager**. ![image](https://hackmd.io/_uploads/S1FarwY7yl.png) Based on the given clue *'security question'*, it seems we need to find the security question set during Windows installation. At this stage, we can use RegRipper, but for convenience, I used a tool from [NirSoft](https://www.nirsoft.net/utils/security_questions_view.html). **W NirSoft** ![image](https://hackmd.io/_uploads/HJTuUwFm1x.png) ![image](https://hackmd.io/_uploads/S11FIvF7yx.png) Ta da!!! ![image](https://hackmd.io/_uploads/HyzFIDFQye.png) **Flag: WWF{I_love_security_questions_s0_muChhhhhhhhhhhhhh}** # Conclusion > It's just a journal because if a noob writes a write-up, people will laugh a lot.