Networking

Hello

I recalled that the hint given was pointing to Vigenere cipher.

First, we’re given a pcapng file.

Open it in Wireshark, and we can see that there’s a lot of logs generated.

After taking some time to inspect the logs, I found that there were some patterns going on in the queries.

So I just right-clicked on one of the lines > Follow > UDP Stream.

A new window was opened.

I just manually typed out the characters in a notepad. At this point, I was guessing it could be a base64 encoded string as there was “==” sign behind.

VVBCTHtvMV9tcjNhX2VuMF90azNfaTBofQ==

But just to be sure, I googled for cipher identifier, pasted the string, and here’s the result.

Figure below shows the decoded string. I knew that I was pretty close to the final flag. It seemed like the last layer of cipher was the one mentioned in the hint, which was the Vigenere cipher.

I tried with decode.fr but I can’t find any output that matched the flag format.

Scrolling through the autosovle results generated by Boxentriq, there wasn’t any flag showing as well.

Hence, I decided to try with CyberChef. I copied the string and pasted it in the Input field. However, I did not know the key.

At this point I was just guessing for the key. I simply typed in “KEY” as the decoding key. Looking at the output, something clicked in my mind and I thought that I could just guess my way towards the flag. Since “KEY” returned and output that started with a letter “K”, maybe I could try out different letters in order to get the flag format: KCTF{}

After some experiments, I found out that key letter “KN” was returning an output of “KC”.

There we go. Found the key that returned “KCTF”. I submitted the output as flag but it returned an error saying that it was not the correct flag.

So I looked backed at the key entered and was wondering what was off. Then, I saw that my current key was “KNIG”, it’s the initial letters to spell out “KNIGHT”, which was the name of the CTF competition. And it worked! The output was accepted as the correct flag.

Final flag: KCTF{h1_th3n_wh0_mr3_y0u}

PreviousKnightCTF 2023 NextMiscellaneous

Last updated 3 months ago