Hacking for n00bz – Level 6

For level 6, we were being asked to download “sharkfin.pcap” to hunt for the flag, which means that we should probably be prepared to analyse some network traffic. As hinted by the file name, “sharkfin”, let’s open the file using Wireshark and analyse it.

n00bz Level 6

Usually the first few steps that I would do when I open any pcap files in Wireshark is to take a quick glance at what protocols of network traffic were being captured, then look into the more popular ones such as HTTP or FTP.

In this case, I followed the UDP stream 0 and gotten the following string which is probably the flag,


True enough, it is an encoded hexadecimal flag. Using Hackbar, I did a quick conversion and managed to get the flag for level 6, “infosec_flagis_sniffed”.

Back to write-up list for InfoSec Institute CTF #1: Hacking for n00bz


2 thoughts on “Hacking for n00bz – Level 6

Leave a Message

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.