P Cap

Challenge

What about a little P cap?

Solution

Lotsa SMB traffic, looks like a file named R05h4L.jpg is tranferred. Dollars to doughnuts that’s an egg.

opened with wireshark, extracted the objects transferred, seems like two versions of that image, and two webpages:

R05h4L.jpg (incomplete)

R05h4L(1).jpg:

perdu.com (html file) (site):

1
2
3
4
5
6
7
8
9
10

<html>
    <head>
        <title>Vous Etes Perdu ?</title>
    </head>
    <body>
        <h1>Perdu sur l'Internet ?</h1>
        <h2>Pas de panique, on va vous aider</h2>
        <strong><pre>    * <----- vous &ecirc;tes ici</pre></strong>
    </body>
</html>

nothinghere.pl (html file) (site):

–> find login credentials to this site in pcap and log in?

Nugget

Flag