Alex CTF 2017 Fore3 Write-Up

So this is actually my first USB PCAP analysis challenge. This is one of the most basic challenges and there’s a lot to learn from it if you are new to this. USB pcap analysis is a major trend in the current CTFs.

So let us get on with the challenge.

Challenge Description:

One of our agents managed to sniff important piece of data transferred transmitted via USB, he told us that this pcap file contains all what we need to recover the data can you find it?

So let us take a casual look at the PCAP.


So we find a lot of protocols associated with USB. If you have an understanding of USB packet analysis, you will know that whatever data was sent to the USB device is always in the “URB_BULK out” packets. With this basic knowledge, let us dig in.

So you may notice that there are multiple packets of length greater than 1000 bytes. So I thought these packets were really suspicious.

Going through such packets, in packet number 101, I noticed “.PNG”.

[Screenshot from 2018-10-13 10-38-44]

So as we can see in the above image, the highlighted text is nothing but a hex dump of a PNG image. It might be important. So without further digging into the PCAP, let us extract this image.

Select the specific packet and press Ctrl+h. This will help in extracting the packet bytes.

So let us see what is present in this image.

[Screenshot from 2018-10-13 10-53-33]

FLAG: ALEXCTF{SN1FF_TH3_FL4G_0V3R_U58}
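The same extraction can be done on the exported bytes without relying on a manual selection. This is an added example, not part of the original write-up: it carves a PNG out of a byte buffer by finding the PNG signature and walking the chunks, checking each CRC, until IEND. The sample payload, the 64-byte header stand-in and the decoy signature are constructed for the demonstration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def carve_png(blob):
    """Return the first complete, CRC-valid PNG found in blob, else None."""
    start = blob.find(PNG_SIG)
    while start != -1:
        pos = start + len(PNG_SIG)
        # Each chunk: 4-byte length, 4-byte type, data, 4-byte CRC(type + data)
        while pos + 12 <= len(blob):
            length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
            end = pos + 12 + length
            if end > len(blob):
                break  # chunk runs past the buffer: truncated or false hit
            data = blob[pos + 8:end - 4]
            (crc,) = struct.unpack(">I", blob[end - 4:end])
            if zlib.crc32(ctype + data) != crc:
                break  # corrupted chunk or a signature inside other data
            pos = end
            if ctype == b"IEND":
                return blob[start:pos]
        start = blob.find(PNG_SIG, start + 1)  # try the next candidate
    return None

def _chunk(ctype, data):
    crc = zlib.crc32(ctype + data)
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def make_sample_png():
    """Constructed 1x1 grayscale PNG used as sample input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x7f")  # filter byte + one pixel
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")

def make_sample_payload():
    """Constructed buffer: header stand-in, decoy signature, real PNG, padding."""
    decoy = PNG_SIG + b"junkjunk"
    return b"\x00" * 64 + decoy + make_sample_png() + b"\xff" * 16

if __name__ == "__main__":
    # For a real capture, read the exported packet bytes from disk instead.
    png = carve_png(make_sample_payload())
    print("carved %d bytes" % len(png) if png else "no valid PNG found")
```
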

Happy Hacking!!!
