K17 CTF – 28/09/2013 (10 AM) to 29/09/2013 (10 AM).
I participated in K17 CTF hosted by the University of New South Wales (UNSW). There were 2 teams from “Northern Sydney Institute TAFE-Meadowbank Network Security degree” 0x4e534931 & 0x4e534932 with 4 members in each team.
I was a team member of the 0xe534931 team and we got 20th position.
Task completion status
Challenge – Help the NSA (50pts)
The NSA has though it’s warrantless mass surveillance network managed to intercept this exchange between two potential terrorists. Unfortunately, they don’t quite know what to make of it. “It all looks like garbage to me”, a senior intelligence officer is quoted as saying. “I don’t understand it, so it must be dangerous. Getting access to this illegally obtained data is of utmost importance to national security and the future prosperity of … “.
Help the NSA violate the rights of your fellow citizens by uncovering the sensitive data within.
- help-the-nsa.pcap (37.07 KB)
Opened help-the-nsa.pcap file in wireshark. Followed the packets stream, with-in few minutes got a brief idea whats going on in that stream.
Reached packed 97 which is Internet Message Format (IMF).
After looking in detail i extracted following information. The Email is sent from woot@babirusa to email@example.com and also found base64 encoded word document as attachment (secret.doc).
After decoding the word document (decoded-secret.doc) found key as “unicornsAreCuteIwantToBelieve”
Links to my team’s writeup for this event: