picoCTF WebNet1 Writeup

WebNet1 is a forensics puzzle worth 450 points.

The description provided is:

We found this packet capture and key. Recover the flag.

This puzzle presents a packet capture capture.pcap and a key: picopico.key

I did this puzzle immediately after solving WebNet0. The key was the same as WebNet0:

 % md5sum picopico*
57a3d0809b40857e71cbe069cda58829  picopico (1).key
57a3d0809b40857e71cbe069cda58829  picopico.key

Wireshark was already configured to use this key, so I didn’t have to configure Wireshark to use the key. These configuration steps are documented here: picoCTF 2019 WebNet0 Writeup

After opening the packet capture, right click on the first HTTP packet and select Follow -> HTTP Stream

First HTTP Packet

This stream shows a different flag in the header this time: Pico-Flag: picoCTF{this.is.not.your.flag.anymore} I took their word for it and looked through the stream a bit further and found the flag:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s