Hi guys! Today I will show you how to solve Forensic 100 – Extract Me.
Download the file from here and open it in Wireshark.
Follow tcp.stream eq 36 and we can see a file being transferred.
Next, in tcp.stream eq 37, we can see the header PK…, which means it is a zip file (to learn how to recognize file headers, look here), and we can see flag.png. Let’s dump the file and try to open it.
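To check a dumped stream before trying to open it, the added example below (not part of the original writeup) scans raw bytes for ZIP local file headers and reports each entry's name and whether its encryption flag is set. The sample stream is constructed for illustration; only the name flag.png comes from this challenge.

```python
import struct

LFH_SIG = b"PK\x03\x04"        # ZIP local file header signature
LFH_FMT = "<4sHHHHHIIIHH"      # fixed 30-byte part of the local file header
LFH_LEN = struct.calcsize(LFH_FMT)


def scan_zip_entries(blob):
    """Return one dict per ZIP local file header found in a raw stream dump."""
    entries = []
    pos = blob.find(LFH_SIG)
    while pos != -1:
        name_start = pos + LFH_LEN
        if name_start > len(blob):
            break  # header cut off at the end of the dump
        (_sig, _ver, flags, method, _time, _date, _crc,
         csize, _usize, nlen, xlen) = struct.unpack_from(LFH_FMT, blob, pos)
        if name_start + nlen > len(blob):
            break  # file name cut off
        # Bit 11 of the flags marks a UTF-8 name; otherwise the legacy code page.
        codec = "utf-8" if flags & 0x0800 else "cp437"
        entries.append({
            "offset": pos,
            "name": blob[name_start:name_start + nlen].decode(codec, "replace"),
            "encrypted": bool(flags & 0x0001),   # bit 0: a password is required
            "method": method,                    # 0 = stored, 8 = deflate
            "compressed_size": csize,
        })
        # Continue after this entry's name, extra field and data.
        pos = blob.find(LFH_SIG, name_start + nlen + xlen + csize)
    return entries


def constructed_stream():
    """Constructed sample: junk bytes, then one encrypted entry named flag.png."""
    data = b"\x00" * 16  # stand-in for the encrypted file data
    name = b"flag.png"
    header = struct.pack(LFH_FMT, LFH_SIG, 20, 0x0001, 8, 0, 0, 0,
                         len(data), 0, len(name), 0)
    return b"junk-before-archive" + header + name + data


if __name__ == "__main__":
    for e in scan_zip_entries(constructed_stream()):
        print(e)
```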
Of course, it is not that easy 😀. You must have a password to open it. Look through the SSL traffic and you will find a suspicious certificate made by Bkav.
So you can follow the same writeup to learn how to decrypt SSL
with factordb and rsatool to create the file private.key
Decrypt the pcapng file
Let’s extract flag.png 😀
WHAT IS THE PASSWORD WHITEHAT.ZIP