Description
A PCAP plus a password-protected ZIP arrive together. Use strings/binwalk to extract a partial flag from the network trace, then apply it as the ZIP password.
Setup
Run strings (or Wireshark) on dump.pcap to discover Base64 snippets of the flag.
Decode the Base64 text to obtain the partial flag/password, then unlock the accompanying ZIP and read flag.txt.
strings dump.pcap | grep -n pico
python3 - <<'PY'
import base64
print(base64.b64decode('VGhpcyBpcyB0aGUgc2VjcmV0OiBwaWNvQ1RGe1IzNERJTkdfTE9LZF8='))
PY
unzip -P 'picoCTF{R34DING_LOKd_' secret.zip
Solution
- Step 1Extract the hintThe PCAP contains printable strings referencing the flag. Base64-decode them to reveal the password fragment.
- Step 2Unlock the archiveUse the recovered fragment as the password to unzip the provided archive, then open flag.txt for the complete flag.
Flag
picoCTF{R34DING_LOKd_fil56...9b}
Ensure you remove ellipses or extra text from the decoded string before using it as the ZIP password.