Screenshot from 2024-03-24 22-56-23.png
The attached file is a .pcap, so we can analyze it using wireshark.
image
To get a nice summary of the traffic we look at Statistics > Protocol Hierarchy

image image

Hmm… file sharing. Could find some secrets there!
We’ll filter for only smb traffic.
image
That’s a much more managable number of packets.
Clicking through each packet we see an interesting base64 looking string.
image
Decoding this we get the following: wctf{l3tS_
Definitely seems promising! Now to find the rest of it…
We can click on that packet and follow the TCP stream to find more.

image image

By scrolling through the stream we can find two more pieces of base64.
Decoding these we get 3teRn4lLy_g0_ and bLU3_7n9wm4iWnL}
We can combine these parts to get the full flag:
wctf{l3tS_3teRn4lLy_g0_bLU3_7n9wm4iWnL}