AirTech CTF 2024 - ttcccppp
A network forensics CTF chall. writeup.
Let's get Cracking...
Challenge 02: tttcccppp
Was a tricky yet interesting challenge to solve.
In this challenge again a .pcap
file was given in order to solve the challenge and a hint was given as well.
why would someone send data in the first part of the TCP handshake
A TCP
handshake looks like this.
So, I used the TCP filter to filter out the TCP
traffic.
After that when I examined every SYN
packet they had an alphabet in them.
As you can see they are forming the first four alphabets of the flag i.e. AT24
So I carried on with the search and finally, I got the whole flag.
Flag: AT24{TTTCCCPPP_15_R3liable}
Stay in the loop with my latest content – follow me on Medium for more!