
CTF4b 2016 FINAL@TOKYO write up①

More than 1 year has passed since last update.

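My first-ever CTF was CTF4b 2015 @ Nagano.

I got fired up, went all the way to Nagano, and was satisfied with that; I did nothing afterwards, but today I took part in FINAL@TOKYO.

I'd like to be more active from now on, so I thought I'd start writing write-ups on Qiita, learning by imitation.

Forensics: Let's Open It (あけてみよう)

I opened the downloaded pcap and, to start with, followed the TCP stream of the HTTP traffic.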


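There is a string starting with PK, so I figured there must be a zip file.

I ran "File" > "Save Objects", as I had been taught.

A file called transfer.zip appeared. Extracting it gives 2.pcap.

Opening it shows FTP. Follow the stream, no questions asked!!!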


Once again the string "zip" shows up. I wanted to use "Save Objects" again, but it could not be selected.

I ran the command I had been taught:
$ binwalk -e 2.pcap


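Just when I thought the flag had come out, it was 0 bytes...

From here I fell into hell.

In the end, extracting 2.pcap with 7zip on Windows displayed the image without any trouble.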


Why can't binwalk do it!?
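
An added example, not part of the original post and not binwalk's own code: a small Python carver that finds ZIP members by the PK\x03\x04 signature seen in the stream, and shows one way such carving can yield a 0-byte file, namely a streamed zip whose local header leaves the sizes at zero (flag bit 3), so a carver that trusts the header reads nothing. The blob, the `Sink` class and the file name are constructed for illustration; the post does not establish that this is what happened with 2.pcap.

```python
import struct, zipfile, zlib

LFH = b"PK\x03\x04"   # ZIP local file header signature
STREAMED = 0x08       # flag bit 3: CRC and sizes follow the data instead

class Sink:
    """Unseekable write-only target, so zipfile streams and sets bit 3."""
    def __init__(self):
        self.buf = bytearray()
    def write(self, b):
        self.buf += b
        return len(b)
    def flush(self):
        pass

def sample_blob(payload):
    """Constructed input: a streamed zip surrounded by unrelated bytes."""
    sink = Sink()
    with zipfile.ZipFile(sink, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("flag.txt", payload)
    return b"constructed-capture-bytes" + bytes(sink.buf) + b"trailer"

def carve(blob, trust_header_sizes):
    """Return {name: data} for each stored/deflated member found by signature."""
    found = {}
    pos = blob.find(LFH)
    while pos != -1 and pos + 30 <= len(blob):
        _ver, flags, method, _t, _d, _crc, csize, _usize, nlen, xlen = \
            struct.unpack_from("<HHHHHIIIHH", blob, pos + 4)
        name = blob[pos + 30:pos + 30 + nlen].decode("cp437")
        start = pos + 30 + nlen + xlen
        if method == 8 and flags & STREAMED and not trust_header_sizes:
            # Header sizes are zero here, so inflate until the stream ends.
            inflater = zlib.decompressobj(-15)
            data = inflater.decompress(blob[start:])
            # The data descriptor after the stream carries the real CRC-32.
            sig, crc = struct.unpack_from("<II", inflater.unused_data)
            if sig != 0x08074B50 or crc != zlib.crc32(data):
                raise ValueError("data descriptor mismatch for " + name)
        elif method == 8:
            data = zlib.decompressobj(-15).decompress(blob[start:start + csize])
        else:
            data = blob[start:start + csize]
        found[name] = data
        pos = blob.find(LFH, pos + 4)
    return found

if __name__ == "__main__":
    blob = sample_blob(b"constructed sample payload\n" * 4)
    for trust in (True, False):
        print(trust, {n: len(d) for n, d in carve(blob, trust).items()})
```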
