Description
A packet capture contains an encrypted attachment plus a plaintext conversation describing how to decrypt it. Reconstruct the TCP streams, extract `file.des3`, and decrypt it with OpenSSL's `des3` cipher using the recovered password.
Install tcpflow (`sudo apt install tcpflow`) and reconstruct the streams: `tcpflow -r capture.flag.pcap`.
Inspect the ASCII conversation on port 9001 to learn the password (`supersecretpassword123`).
Rename the DES3 stream (port 9002) to `file.des3` and decrypt it.
```sh
tcpflow -r capture.flag.pcap
openssl des3 -d -salt -in file.des3 -out file.txt -k supersecretpassword123
cat file.txt
```
Solution
- Step 1: Recover the instructions. The text chat describes exactly how to use `openssl des3` with the password. Grep or cat the relevant tcpflow output files to copy the command.
Learn more
tcpflow reconstructs the byte streams of TCP connections from a packet capture, writing each direction of each connection to a separate file. This is more useful than staring at individual packets in Wireshark when you want to read the actual data exchanged - especially for text-based protocols like HTTP, SMTP, or plain socket conversations.
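To make concrete what tcpflow does when it "reconstructs the byte streams", here is an added example (not part of the original writeup and not tcpflow's code): a minimal Python reassembler that parses a libpcap file, groups TCP payloads per direction of each connection, orders them by sequence number and discards retransmitted or overlapping bytes. It assumes IPv4 over Ethernet and ignores sequence-number wrap-around; the capture it parses is constructed inline (the 10.0.0.x hosts and chat text are made up, while port 9001 and the password mirror the challenge).

```python
import struct

def tcp_segments(pcap: bytes):
    """Yield (src, dst, seq, payload) for every TCP/IPv4 frame in a libpcap file."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    off = 24                                             # skip the global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if frame[12:14] != b"\x08\x00" or frame[23] != 6:   # IPv4 carrying TCP only
            continue
        ip = frame[14:14 + struct.unpack("!H", frame[16:18])[0]]  # drops Ethernet padding
        src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
        tcp = ip[(ip[0] & 0x0F) * 4:]
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        yield f"{src}:{sport}", f"{dst}:{dport}", seq, tcp[(tcp[12] >> 4) * 4:]

def reassemble(pcap: bytes) -> dict:
    """Rebuild each direction of each connection, like tcpflow's per-flow output files."""
    segs = {}
    for src, dst, seq, payload in tcp_segments(pcap):
        if payload:                                        # pure ACKs carry no stream data
            segs.setdefault((src, dst), {}).setdefault(seq, payload)  # exact retransmit: keep first
    flows = {}
    for key, by_seq in segs.items():
        data, expected = b"", min(by_seq)                  # seq wrap-around not handled
        for seq in sorted(by_seq):                         # order by sequence, not by arrival
            chunk = by_seq[seq]
            if seq < expected:                             # overlap: drop bytes already emitted
                chunk = chunk[expected - seq:]
            data += chunk
            expected = max(expected, seq + len(by_seq[seq]))
        flows[key] = data
    return flows

def _frame(src, sport, dst, dport, seq, payload):   # constructed test data, checksums left zero
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))) + tcp
    eth = b"\x00" * 12 + b"\x08\x00" + ip
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth

# Constructed capture of a port-9001 chat: one segment arrives out of order, one is retransmitted.
PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _frame("10.0.0.1", 40000, "10.0.0.2", 9001, 100, b"the password is "),
    _frame("10.0.0.2", 9001, "10.0.0.1", 40000, 500, b"thanks\n"),
    _frame("10.0.0.1", 40000, "10.0.0.2", 9001, 138, b"\n"),                 # out of order
    _frame("10.0.0.1", 40000, "10.0.0.2", 9001, 116, b"supersecretpassword123"),
    _frame("10.0.0.1", 40000, "10.0.0.2", 9001, 131, b"word123\n"),          # overlapping retransmit
])
```

Calling `reassemble(PCAP)` returns one entry per direction, the same split tcpflow makes into separate files, with the chat line intact despite the reordering and the duplicate bytes.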
PCAP files capture every packet on a network segment, including payload data. When two parties communicate over an unencrypted channel (as the chat on port 9001 is), an eavesdropper who captures the traffic can read the entire conversation verbatim. This challenge literally illustrates the problem: the key exchange happened in plaintext, so anyone who captured the traffic can decrypt the "encrypted" file.
In real networks, Wireshark and tshark are the standard tools for PCAP analysis. `tshark -r capture.pcap -q -z follow,tcp,ascii,0` can reconstruct stream 0 directly. tcpflow is handy for bulk extraction when you have many streams to examine.
- Step 2: Decrypt the attachment. Rename the DES3 stream to `file.des3` and run the command. The decrypted `file.txt` contains the picoCTF flag.
Learn more
Triple DES (3DES or DES3) applies the original DES cipher three times to each data block. While more secure than single DES (which uses a 56-bit key, considered broken since the 1990s), 3DES is now deprecated for most uses - NIST disallowed new uses of 3DES after 2023. Modern symmetric encryption uses AES instead, which is faster and more secure.
The `openssl des3 -d -salt` command decrypts a file encrypted with OpenSSL's DES3 mode. The `-salt` flag indicates that a random salt was prepended to the ciphertext to prevent identical plaintexts from producing identical ciphertexts (a weakness in deterministic encryption). The `-k` flag provides the password directly on the command line - which is itself a security risk since shell history and process listings can expose it.
The core lesson of this challenge is that encryption without secure key exchange is useless. Even the strongest cipher provides no protection if the key is sent in plaintext alongside the ciphertext. Protocols like TLS solve this with asymmetric key exchange (Diffie-Hellman, RSA) to establish a shared secret without ever transmitting it directly.
Flag
picoCTF{nc_73115_411_0ee72...}
A perfect example of why you should never discuss crypto keys in plaintext channels.