Ph4nt0m 1ntrud3r

CHALLENGE DESCRIPTION

SOLUTION

Manual

We open the pcap file in Wireshark and notice that some payloads look like Base64 strings, and several of them have the same length.

We apply the display filter tcp.len == 12 to show only the packets with length 12 and, following the hint, sort them by time. Copy all of the data to a file and decode it with base64 -d.

Auto

We can also do this in one command:

tshark -r myNetworkTraffic.pcap -Y "tcp.len==12 || tcp.len==4" -T fields -e frame.time -e tcp.segment_data | sort -k4 | awk '{print $6}' | xxd -p -r | base64 -d
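
The same three steps (filter on TCP payload length, sort by capture time, Base64-decode) can be reproduced without tshark. The following is an added example, not part of the original write-up: the capture bytes, the flag text and the function names build_pcap, tcp_payloads and recover are constructed for illustration, and the parser assumes a little-endian classic pcap with Ethernet/IPv4/TCP frames.

```python
import base64
import struct

def build_pcap(packets):
    """Constructed sample data: classic pcap from (ts_sec, ts_usec, payload) tuples."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for sec, usec, payload in packets:
        eth = b"\x00" * 12 + b"\x08\x00"                              # EtherType IPv4
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x18, 1024, 0, 0)
        frame = eth + ip + tcp + payload
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

def tcp_payloads(pcap):
    """Yield ((ts_sec, ts_usec), payload) for each IPv4/TCP frame in the capture."""
    if struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    off = 24                                            # skip the global header
    while off + 16 <= len(pcap):
        sec, usec, incl, _ = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                    # keep IPv4 + TCP only
        ihl = (frame[14] & 0x0F) * 4                    # IP header length in bytes
        total = struct.unpack_from("!H", frame, 16)[0]  # IP total length
        tcp = 14 + ihl
        doff = (frame[tcp + 12] >> 4) * 4               # TCP header length in bytes
        yield (sec, usec), frame[tcp + doff: 14 + total]

def recover(pcap, lengths=(12, 4)):
    """Filter by payload length, sort by capture time, Base64-decode each chunk on its own."""
    chunks = sorted((ts, p) for ts, p in tcp_payloads(pcap) if len(p) in lengths)
    return b"".join(base64.b64decode(p) for _, p in chunks)

# Constructed capture: chunks stored out of time order, plus one 8-byte decoy payload.
PIECES = [b"flag{co", b"nstruct", b"ed_demo", b"}"]
SAMPLE = build_pcap([
    (100, 300000, base64.b64encode(PIECES[2])),
    (100, 100000, base64.b64encode(PIECES[0])),
    (100, 150000, base64.b64encode(b"noise")),
    (100, 400000, base64.b64encode(PIECES[3])),
    (100, 200000, base64.b64encode(PIECES[1])),
])

if __name__ == "__main__":
    print(recover(SAMPLE).decode())
```

Each payload is decoded separately, so the "=" padding that ends most chunks never sits in the middle of a Base64 stream.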