Monday, June 3, 2013

Codegate 2013 :: Misc #3 (200 points)

The third challenge in the Misc category, worth 200 points, started with a binary that TrID identified as a “Wireshark PCAP Next Generation Dump File Format (Little Endian)” file.

Two hints were given for this challenge:
  1. [Misc3(200) Hint] You can solve the question off-line.
  2. [Misc3(200) Hint] Find out document.

The objective was to find the document in question among the 7161 captured network packets. Thankfully, Wireshark made it easy to list the HTTP objects (File > Export Objects > HTTP) and save them to a local directory; a total of 59 files were exported for analysis.

Sample list of files exported:

When the selected file above was opened in Adobe Reader, it showed the official rules for the Codegate YUT Challenge. On closer examination in Notepad, however, the raw PDF source revealed that the file contained several incremental updates, evident from the multiple “%%EOF” markers and the updated object contents appended after each one. The key was revealed once the last update was deleted from the file. Flag captured! 200 points in the bag!! Yay!!!
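As an added example (not part of the original write-up), here is a small Python script that handles this kind of file the way a forensic examiner would: it counts the %%EOF markers, walks the startxref/Prev chain through classic xref tables exactly as a viewer does, and rolls the file back one revision by truncating at the previous %%EOF. It builds a constructed two-revision sample in memory (placeholder text, not the CTF document), so it runs offline; the assumption is a PDF with classic xref tables rather than PDF 1.5 cross-reference streams.

```python
"""Inspect a PDF's incremental updates and roll it back one revision.
Added example, not from the original write-up; classic xref tables only
(no PDF 1.5 cross-reference streams), and the sample file is constructed."""
import re

EOF_RE = re.compile(rb"%%EOF\r?\n?")

def _obj(num, body):
    return b"%d 0 obj\n" % num + body + b"\nendobj\n"

def _stream(content):
    return b"<< /Length %d >>\nstream\n" % len(content) + content + b"\nendstream"

def _append_revision(buf, objects, size, prev):
    """Append objects, an xref table and a trailer to buf; return the xref offset."""
    offsets = {}
    for num, body in objects:
        offsets[num] = len(buf)
        buf += _obj(num, body)
    xref_pos = len(buf)
    buf += b"xref\n" + (b"0 1\n0000000000 65535 f \n" if prev is None else b"")
    for num in sorted(offsets):                 # one subsection per object
        buf += b"%d 1\n%010d 00000 n \n" % (num, offsets[num])
    trailer = b"<< /Size %d /Root 1 0 R" % size
    if prev is not None:
        trailer += b" /Prev %d" % prev          # links this update to the previous xref
    buf += b"trailer\n" + trailer + b" >>\nstartxref\n%d\n%%%%EOF\n" % xref_pos
    return xref_pos

def build_sample_pdf():
    """Constructed two-revision PDF: revision 1 draws a placeholder key string,
    then an incremental update overrides the page's content stream (object 4)."""
    buf = bytearray(b"%PDF-1.4\n")
    first = [
        (1, b"<< /Type /Catalog /Pages 2 0 R >>"),
        (2, b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>"),
        (3, b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 300 100] /Contents 4 0 R >>"),
        (4, _stream(b"BT /F1 12 Tf 10 50 Td (KEY{constructed-placeholder}) Tj ET")),
    ]
    xref1 = _append_revision(buf, first, 5, None)
    update = [(4, _stream(b"BT /F1 12 Tf 10 50 Td (Official rules) Tj ET"))]
    _append_revision(buf, update, 5, xref1)
    return bytes(buf)

def eof_offsets(data):
    """Offset of every %%EOF marker: one per revision of the file."""
    return [m.start() for m in EOF_RE.finditer(data)]

def strip_last_update(data):
    """The file as it was before its newest update: everything after the
    second-to-last %%EOF is the update that was appended last."""
    markers = list(EOF_RE.finditer(data))
    if len(markers) < 2:
        raise ValueError("no incremental update to remove")
    return data[:markers[-2].end()]

def _xref_sections(data):
    """Yield (objnum -> offset, trailer bytes) per xref table, newest first:
    start at the last startxref and follow each trailer's /Prev pointer."""
    m = re.match(rb"startxref\s+(\d+)", data[data.rfind(b"startxref"):])
    if m is None:
        raise ValueError("no startxref found")
    pos, seen = int(m.group(1)), set()
    while pos not in seen:                       # guard against /Prev loops
        seen.add(pos)
        section = data[pos:EOF_RE.search(data, pos).end()]
        if not section.startswith(b"xref"):
            return                               # cross-reference stream: out of scope
        head, trailer = section.split(b"trailer", 1)
        table, lines, i = {}, head.split(b"\n")[1:], 0
        while i < len(lines) and lines[i].strip():
            start, count = (int(x) for x in lines[i].split())
            for k in range(count):
                off, _gen, kind = lines[i + 1 + k].split()
                if kind == b"n":                 # in-use entry (not free)
                    table[start + k] = int(off)
            i += 1 + count
        yield table, trailer
        prev = re.search(rb"/Prev\s+(\d+)", trailer)
        if not prev:
            return
        pos = int(prev.group(1))

def resolve(data, num):
    """Newest definition of object `num`: the first xref table walking back from
    startxref that lists it wins, which is how a viewer resolves references."""
    for table, _ in _xref_sections(data):
        if num in table:
            return data[table[num]:data.index(b"endobj", table[num])]
    raise KeyError(num)

def _ref(obj, key):
    """Object number in an indirect reference such as `/Key 4 0 R` or `/Kids [3 0 R`."""
    return int(re.search(rb"/" + key + rb"\s*\[?\s*(\d+)\s+0\s+R", obj).group(1))

def page_text(data):
    """Tj string literals on the first page, resolved through the xref chain,
    i.e. the text a viewer actually draws for this revision of the file."""
    _, trailer = next(_xref_sections(data))
    catalog = resolve(data, _ref(trailer, b"Root"))
    page = resolve(data, _ref(resolve(data, _ref(catalog, b"Pages")), b"Kids"))
    return re.findall(rb"\((.*?)\)\s*Tj", resolve(data, _ref(page, b"Contents")))

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pdf()
    print(len(eof_offsets(data)), "revision(s); current page text:", page_text(data))
    if len(eof_offsets(data)) > 1:
        print("previous revision page text:", page_text(strip_last_update(data)))
```

Run it with no arguments to use the constructed sample, or pass a path to a PDF. The point the script makes explicit is that an incremental update never removes the old objects: the earlier content stream is still in the bytes and only the newest xref entry hides it, which is why a plain text editor shows more than the viewer does and why truncating at the previous %%EOF brings the earlier revision back.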


Cheers,
Braeburn Ladny
