# [CSAWCTF 2021](https://ctftime.org/event/1405) ###### tags: `ctf` {%hackmd theme-dark %} # Forensics ### `Lazy_Leaks` - Challenge description ![](https://i.imgur.com/bumFkq5.jpg) ### Got a pcpa file (Lazy_Leaks.pcap) - By Wireshark, I opened the pcap file and found it was about 102.783 seconds record of the packets ![](https://i.imgur.com/aoRPZIo.jpg) - At first, I tried to find some http stream, but found nothing at all. But between packets, `telnet` protocal caught my attentions. Because I know `telnet` protocal is unencrypted, so if the admin used this to log in some server, maybe I can obtain some crendentials. - Thus, I mainly focused on TELNET stream, so I filtered "telnet" in Wireshark and found something interesting. ![](https://i.imgur.com/ov9YBzR.jpg) - I saw some garbage in the packet, however I found there was a packet that was malformed so I started from that spot. Eventually I found the flag just by browsing the unencrypted messages. - ![](https://i.imgur.com/flPR46J.jpg) ## CTF results ### Place and points - We registerd as the ToInfinityAndBeYANd, and got 851 points resulted in 293rd in the ctf. ![](https://i.imgur.com/0EOWXQt.jpg) ### Categories - We solved 11 challenges:. ![](https://i.imgur.com/hbS0js9.jpg) ### Score over time ![](https://i.imgur.com/4IH2IXB.jpg)