Encoding information acquisition

Need data package to be private

1. From the target server FTP Upload and download wire0078.pcap, Analyze the file , Find out the area where the key information belongs , Use the area name as Flag Submit .

First look at the target ftp What's up

One packet and one help.pdf, Both come down

First look at the packet

a pile USB Data flow , You can't do it without help , Open up decisively help

Open this thing and find it is USB Description document , But so many pages , One by one, it is certain that the game is over

the reason being that USB, The most important thing is the mouse and keyboard , It must be possible to analyze the keyboard ( Because lose flag You can't rely on the mouse ), Search the keyboard directly (keyboard)

In the 17 Corresponding columns were found in search terms , Then follow the data packets one by one

The first question of the topic is the area of key information , The answer is wireshark Key information areas

Flag:Leftover Capture Data

2. Analyze the file , Find out the key information , Take the effective packet length as Flag Submit .

This is the blue one , length 8 Bytes

Flag:8

3. Analyze the file , Find out the key information , Will be the first 5 The key part of the effective information is 16 Hexadecimal value as Flag Submit .

Attention is valid information , Data packets here are all 0 It's time to release the key , It's invalid , Pay attention to finding the right one is not all about 0 My bag

So it's actually the first 10 individual ( Ahead 20 At the beginning, press shift)

Flag:0x2F Pay attention to capitalization F

4. Analyze the file , Find out the key information , Will be the first 10 The key part of the effective information is 16 Hexadecimal value as Flag Submit .

Same as the last question , It's No 21 A package

Flag:0x22

5. Analyze the file , Find out the key information , Will find the Flag Worth submitting .

Combine the characters of each package into flag The answer is right

Flag:pr355_0nwards_a2fee6e0