# StarCTF

## Blogger

![](https://i.imgur.com/SiAthll.png)

The second challenge was to analyze a pcap. We can quickly identify the protocol to exploit. A little Google search and we find exactly what to do.

https://medium.com/@ali.bawazeeer/kaizen-ctf-2018-reverse-engineer-usb-keystrok-from-pcap-file-2412351679f4

So I followed the tutorial :D little filter, frame len ...

![](https://i.imgur.com/VetfGMp.png)

Add the useful column (Leftover Capture Data) and export it as CSV from Wireshark:

```
head OUTUSB.csv
"No.","Time","Source","Destination","Protocol","Length","Info","Leftover Capture Data"
"15","0.712182","1.7.1","host","USB","35","URB_INTERRUPT in","0400000000000000"
"17","0.856194","1.7.1","host","USB","35","URB_INTERRUPT in","04002b0000000000"
"19","0.896180","1.7.1","host","USB","35","URB_INTERRUPT in","00002b0000000000"
"23","3.000525","1.7.1","host","USB","35","URB_INTERRUPT in","0200000000000000"
"25","4.128879","1.7.1","host","USB","35","URB_INTERRUPT in","0200160000000000"
"27","4.232664","1.7.1","host","USB","35","URB_INTERRUPT in","0200000000000000"
"31","4.472557","1.7.1","host","USB","35","URB_INTERRUPT in","00000b0000000000"
"35","4.736597","1.7.1","host","USB","35","URB_INTERRUPT in","0000080000000000"
"39","5.928841","1.7.1","host","USB","35","URB_INTERRUPT in","0000150000000000"
```

A small tour in the mill, salty sweet refined, the flag is ready!

```
cat OUTUSB.csv | cut -d "," -f 8 | sed ':a;N;$!ba;s/"//g' > HEXDUMP.txt
```

```
cat HEXDUMP.txt
0000000000000000
0400000000000000
04002b0000000000
[...]
0000070000000000
0000000000000000
0000370000000000
0000000000000000
00002c0000000000
0000000000000000
0200000000000000
02000d0000000000
0200000000000000
0000000000000000
0000120000000000
0000000000000000
00000b0000000000
0000000000000000
04002b0000000000
00002b0000000000
0000000000000000
0100000000000000
0100080000000000
```

```
python map.py | sed ':a;N;$!ba;s/\n/ /g'
a tab tab s h e r l o c k No map found for this value: 54 space j o h n No map found for this value: 54 space a n d space h e n r y space t h e n space v i s i t space t h e space h o l l o w space i n space t h e space h o p e space o f space f i n d i n g space t h e space h o u n d No map found for this value: 55 space o n space t h e space w a y No map found for this value: 54 space j o h n space n o t i c e s space w h a t space s e e m s space t o space b e space f l a g [ l i k e - a - b 1 0 0 d h 0 u n d ] a tab tab No map found for this value: 1 e
```

**flag{l i k e_a_b 1 0 0 d h 0 u n d}**

Python code used :+1:

```
# coding: utf-8
# Map of USB HID usage IDs (decimal) to key names
newmap = {
    2: "PostFail",
    4: "a", 5: "b", 6: "c", 7: "d", 8: "e", 9: "f", 10: "g", 11: "h",
    12: "i", 13: "j", 14: "k", 15: "l", 16: "m", 17: "n", 18: "o",
    19: "p", 20: "q", 21: "r", 22: "s", 23: "t", 24: "u", 25: "v",
    26: "w", 27: "x", 28: "y", 29: "z",
    30: "1", 31: "2", 32: "3", 33: "4", 34: "5", 35: "6", 36: "7",
    37: "8", 38: "9", 39: "0",
    40: "Enter", 41: "esc", 42: "del", 43: "tab", 44: "space",
    45: "-", 47: "[", 48: "]", 56: "/", 57: "CapsLock",
    79: "RightArrow", 80: "LeftArrow"
}

i = 1
keyVal = 0
with open('HEXDUMP.txt') as myKeys:
    for line in myKeys:
        bytesArray = bytearray.fromhex(line.strip())
        # print("Line Number: " + str(i))
        # Keep the last non-zero byte of the 8-byte report as the key value
        for byte in bytesArray:
            if byte != 0:
                keyVal = int(byte)
        if keyVal in newmap:
            # print("Value map : " + str(keyVal) + " --> " + newmap[keyVal])
            print(newmap[keyVal])
        else:
            print("No map found for this value: " + str(keyVal))
        # print(format(byte, '02X'))
        i += 1
```
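
The script above takes the last non-zero byte of each report as the key, so modifier bytes show up as keys (the leading `04`, Left Alt, prints as "a") and Shift is ignored (the output shows `[ ... - ... ]` where the flag has `{ ... _ ... }`). The decoder below is an added example, not part of the original write-up: it reads the modifier byte and the key slots separately, assuming a US layout; `decode_reports`, `KEYS` and the constants are names chosen here.

```python
# Added example: decode 8-byte USB HID boot-keyboard reports (one hex string each).
# Report layout: byte 0 = modifier bits, byte 1 = reserved, bytes 2-7 = held key usage IDs.
SHIFT = 0x22      # left shift 0x02 | right shift 0x20
SHORTCUT = 0xDD   # ctrl 0x01/0x10, alt 0x04/0x40, GUI 0x08/0x80
BACKSPACE = 0x2A

# Usage ID -> two-character string "plain, shifted" (US layout is an assumption).
KEYS = {0x28: "\n\n", 0x2B: "\t\t", 0x2C: "  ", 0x2D: "-_", 0x2E: "=+",
        0x2F: "[{", 0x30: "]}", 0x31: "\\|", 0x33: ";:", 0x34: "'\"",
        0x35: "`~", 0x36: ",<", 0x37: ".>", 0x38: "/?"}
KEYS.update({0x04 + i: c + c.upper() for i, c in enumerate("abcdefghijklmnopqrstuvwxyz")})
KEYS.update({0x1E + i: p for i, p in enumerate(
    ["1!", "2@", "3#", "4$", "5%", "6^", "7&", "8*", "9(", "0)"])})

def decode_reports(lines):
    """Return the typed text, emitting a key only when it is newly pressed."""
    out, held = [], set()
    for line in lines:
        try:
            report = bytes.fromhex(line.strip().strip('"'))
        except ValueError:
            continue                      # CSV header or other non-hex line
        if len(report) != 8:
            continue
        mods = report[0]
        keys = [k for k in report[2:] if k > 0x03]  # 0x00 = empty slot, 0x01-0x03 = error codes
        for k in keys:
            if k in held or mods & SHORTCUT:
                continue                  # still held, or a Ctrl/Alt/GUI shortcut
            if k == BACKSPACE:
                if out:
                    out.pop()             # undo the previous character
            elif k in KEYS:
                out.append(KEYS[k][1 if mods & SHIFT else 0])
            else:
                out.append("<0x%02x>" % k)  # unmapped usage ID, kept visible
        held = set(keys)
    return "".join(out)

# The last reports of the HEXDUMP.txt excerpt shown above.
SAMPLE = """0000070000000000 0000000000000000 0000370000000000 0000000000000000
00002c0000000000 0000000000000000 0200000000000000 02000d0000000000
0200000000000000 0000000000000000 0000120000000000 0000000000000000
00000b0000000000 0000000000000000 04002b0000000000 00002b0000000000
0000000000000000 0100000000000000 0100080000000000""".split()

if __name__ == "__main__":
    print(repr(decode_reports(SAMPLE)))
```

Values 54 and 55, which the original map reports as "No map found", are usage IDs 0x36 and 0x37 (comma and period).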