Description
A packet capture contains an encrypted attachment plus a plaintext conversation describing how to decrypt it. Reconstruct the TCP streams, extract `file.des3`, and use Openssl DES3 with the recovered password.
Install tcpflow (`sudo apt install tcpflow`) and reconstruct the streams: `tcpflow -r capture.flag.pcap`.
Inspect the ASCII conversation on port 9001 to learn the password (`supersecretpassword123`).
Renamed the DES3 stream (port 9002) to file.des3 and decrypt it.
tcpflow -r capture.flag.pcap
openssl des3 -d -salt -in file.des3 -out file.txt -k supersecretpassword123
cat file.txt
Solution
- Step 1Recover the instructionsThe text chat describes exactly how to use openssl des3 with the password. Grep or cat the relevant tcpflow files to copy the command.
- Step 2Decrypt the attachmentRename the DES3 stream to file.des3 and run the command. The decrypted file.txt contains the picoCTF flag.
Flag
picoCTF{nc_73115_411_0ee72...}
A perfect example of why you should never discuss crypto keys in plaintext channels.