# Find Me

The given file was a PCAP capture. The first thing we do is run `strings` on it
to get some quick information.

![strings](https://github.com/Ewael/CTFs/blob/master/2021/ShaktiCTF/Forensics/FindMe/strings.png?raw=true)

We see this interesting part:

```  
You might need this...  
98 106 66 48 100 71 103 48 100 71 86 104 78 88 107 61  
```

Let's decode this:

```python  
>>> print(''.join([chr(int(a)) for a in '98 106 66 48 100 71 103 48 100 71 86 104 78 88 107 61'.split(' ')]))  
bjB0dGg0dGVhNXk=  
```

```  
$ echo bjB0dGg0dGVhNXk= | base64 -d  
n0tth4tea5y  
```

OK, let's keep this and dive into the capture file. Following the TCP streams
gives us 2 streams. The first one is what we just decoded, so let's dig into the
second one.

![cap1](https://github.com/Ewael/CTFs/blob/master/2021/ShaktiCTF/Forensics/FindMe/cap1.png?raw=true)

![cap2](https://github.com/Ewael/CTFs/blob/master/2021/ShaktiCTF/Forensics/FindMe/cap2.png?raw=true)

We can clearly see a reversed `flag.txt` string in that capture, so let's reverse
it and see what we get as a file.

![cyber](https://github.com/Ewael/CTFs/blob/master/2021/ShaktiCTF/Forensics/FindMe/cyber.png?raw=true)

A ZIP file! It's password protected. Opening it with our `n0tth4tea5y` works
like a charm, and we get our beloved `flag.txt`:

```  
shaktictf{g00d_lUcK_4_tH3_n3xT_cH411eNg3}  
```
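
The whole chain above (decimal codes → Base64 → password, then reversing the second stream into a ZIP) as an added Python example, not part of the original writeup. It assumes the entire stream is byte-reversed; `build_sample_stream` and its contents are a constructed stand-in for the capture data.

```python
import base64
import io
import zipfile

HINT = "98 106 66 48 100 71 103 48 100 71 86 104 78 88 107 61"  # from the capture


def decode_hint(hint: str) -> str:
    """Decimal ASCII codes -> Base64 text -> plaintext password."""
    b64_text = bytes(int(code) for code in hint.split()).decode("ascii")
    return base64.b64decode(b64_text, validate=True).decode("ascii")


def recover_zip(stream: bytes) -> bytes:
    """Undo the byte reversal and confirm the result is a ZIP archive."""
    data = stream[::-1]
    if not data.startswith(b"PK\x03\x04"):  # local file header signature
        raise ValueError("reversed stream does not start with a ZIP header")
    return data


def read_members(zip_bytes: bytes, password: str) -> dict:
    """Return {name: (is_encrypted, content)} for every archive member."""
    out = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            encrypted = bool(info.flag_bits & 0x1)  # bit 0 = encrypted entry
            # pwd is only used for encrypted members (legacy ZipCrypto only)
            out[info.filename] = (encrypted, zf.read(info, pwd=password.encode()))
    return out


def build_sample_stream() -> bytes:
    """Constructed stand-in for TCP stream 2: a small ZIP, byte-reversed.
    Unencrypted, because the standard library cannot write encrypted ZIPs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("flag.txt", "constructed{sample_content}")
    return buf.getvalue()[::-1]


if __name__ == "__main__":
    password = decode_hint(HINT)
    stream = build_sample_stream()
    print("password:", password)
    print("stream tail:", stream[-4:])  # reversed 'PK\x03\x04'
    print(read_members(recover_zip(stream), password))
```

On the real archive the `is_encrypted` flag would be set; `zipfile` can decrypt legacy ZipCrypto entries but not AES-encrypted ones.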

Original writeup (https://github.com/Ewael/CTFs/tree/master/2021/ShaktiCTF/Forensics/FindMe).