From 7eb3745efe12827396ea735057fcbd86e34dba94 Mon Sep 17 00:00:00 2001
From: glacialcascade <11969863+glacialcascade@users.noreply.github.com>
Date: Sun, 27 Aug 2023 20:33:38 -0400
Subject: [PATCH] wireshark foren (#32)

wireshark foren

Co-authored-by: mud-ali <96320211+mud-ali@users.noreply.github.com>
---
 shark-fin/chall.yaml       |  15 +++++++++++++++
 shark-fin/shark-fin.pcapng | Bin 0 -> 3464 bytes
 2 files changed, 15 insertions(+)
 create mode 100644 shark-fin/chall.yaml
 create mode 100644 shark-fin/shark-fin.pcapng

diff --git a/shark-fin/chall.yaml b/shark-fin/chall.yaml
new file mode 100644
index 0000000..55ff56a
--- /dev/null
+++ b/shark-fin/chall.yaml
@@ -0,0 +1,15 @@
+name: Shark Fin
+categories:
+ - foren
+value: 75
+flag: camp{sH4rK_go_nOM_9f2f44f4735528}
+description: |-
+  I bugged another CTF team's network and managed to capture these packets.
+  Circumstantial evidence suggests they were trying to find a flag online -- can you help?
+hints:
+  - Wireshark is a helpful program to analyze network traffic.
+files:
+  - src: ./shark-fin.pcapng
+authors:
+  - Marvin
+visible: true
diff --git a/shark-fin/shark-fin.pcapng b/shark-fin/shark-fin.pcapng
new file mode 100644
index 0000000000000000000000000000000000000000..e35814f4bb3313821696345ad55c0f016651058a
GIT binary patch
literal 3464
zcmaKv3v5$m6vw~YmeLk##$rZA*zO?e9(}iKw=!U3luq_w?_rq0U3<3`y0-Q)x`9xl
zA}>K;>Rgb=j4+39QPd%#i5n88F)EH2m1vguh>8mv;v#s??Y4I9wlDkE?>_eZ{^x(r
zxwn%@rIK@mkfQALc@%u!867;5O*9%`18rfQ^n*?x>qsd}rSn`KHl?B{m9`rd8jT^t
zVx)6utuj+>$#0=kHrwI;@^Z6YsZHgR1X5^s`UA8<sa9&T6naHbZt<$zvekqLh>5K5
zH@dBin@*{=dsuG+<Jpu->)}o#ono>3=%&!x%~&@v^{kC%yrHWKO)7|lftpco;pivs
z$|GX3+2K}uwdy(@oEO6#V)&drjTX4f?IDEEeRu$)^Wp7tuf5$p-wtb>`41azZtTC7
z{_9e?SVYW(tgYIXLvn=k+AefbZHqqmdEe<ms{5Vf!X1l8_FoOksG-lk26dE3;^^CW
zUcO~_!dyO|EL5IZ|H6*)Q{S(zeD31qx)Vv-f2y8NJ28tsDtYZl`_hk^KP?9qYKYci
zX*@TLmRl!L%dvRW(s68wU?7p|K63Cz>bAp;Uj$`hwnG!ra#tX^HN7jblGC#9XqqN@
zN!R+{s*0I)&*oge;xA}jyDF>e59!=HjjC@f`6&@vY_P_GzUZ1aELaX}oFPX-?tm{F
zh<>1ykY?ebz32(*p}J2Oq9@=@XE2UxJO5-zi+roA0lgsv_l}PDxt0wJ#=MVVtQ{!h
z7}iM{GO8`(v55>W-oFPlhd$X@Etox180S64dbjMU{CxR}->bhJG`|>sNZC=i6?9DI
z{pG2(KpkA=<&aEa@4M)GDBgiY^d0;!3Cf7*1=tnqAiYaF6aDA3yk0M^-qp3}nf}B~
ze%Z$>pVGJ936j*}ACD^E8SX3H{@(#ngqBF}zt=P4-pACW{?;k34l<+apak>`2jid)
zB;$2(4E2P)k7PVC_+8Rieq$L`+qt?wkBo@A?_4}`fIxnSK6^F9fZPsZj>8OCasz9q
z_l7DpAC9;g-CL%tCBT^TC|5tgq5AG28RY)QlP{^E-?8Okh}?|V$JW}Ne5<Pw&r-NQ
z)=?zqdXjoN&QgxE7h{R!6lkX8%nx(gPzDT)rzhK%7JxO*sCp%2BhQ1JGY=pGStJ7@
zstUASQtt?Yaz5@78_$K=7!`yjC4z>#R~(ploHyb4mAr*rs0ZW6=OPZ&^~f??+7Vde
zjM24!{ZZ6a_3Z>*EpIF<&`hZd;s+h@8#cU5;_eq(2#JF=j8TnKT;udkdJVOsX4LM$
zjbNbmmX^k}Rj|exQ-|5Imq5GlZ5{fF<SRQ#$qxyC_uyY2=ly%#6;B9HFyoAXCz71D
zRORA%iqD6dM@BSD{G~8`j1}WkHX+#KU-felV*X05>}=`pJpsJl<MFq5%_`tn0c6dU
z_w7a=u%uyDWPdH*J2QRi{*s;K;xa|W)eF21=&xbdXb%IU09oPwLJx7EcZYeB^yguX
zGse5UGVVF?)=!f%WWZp+D|lv&F)Zc^TIFFjtK5M=iMhP0l+LfHC{byY8mT1T<@K59
zv1U|4GfE|uUe=??t!JHZ#p?GsRGCUG-kWQ+vTit+rb?4aq!0*KtC)*Of9@n)822Y8
z7y7dYFc<SnqjJ&lL&9KUFpkVL-VA96Z(31**q>ckvoO$~*RlojIylA|&7jtteHt0}
z$|q&OGrjhqaYj2b#@wKFY7JfFYJzVoC9J2Bae@PmW~pQa<6}*9x!)<LwMIJEUr%e*
zS{<#`n&3yTqb)@hQb~n}aeC{(IJ490ve}*W;9Y~?xrwz&C3!BVlePNnE~km!#IkM$
z<FGfeaGtR?unM^9^SB%)x{(Pe;JeZiok6XZO3VQ_ezBSitcwH}x~xoS>jt0C?KP=X
zk=dM(cd4YD^)#^_kmhjtZFLUDgDO@k%5onv(Z)KPvDT>8veqnJrqy6on5)Y$&!7d9
zjs8dH`tW&ye41Y9<a&X7pM`sTFtMfoVh{Afjfh@Y3;Avj=Q^^U+H1tqF<#~v#)-W!
z%9uk9MKEfnVZ3>6oDp45M1S@mSF@`p*3-ovsM)0893nD|zB6I}lTc4JlgDv2@56CM
zOi$}&U0fW7s5p|qt6qFBN5oN&oG@ces4cj@kk_u!7~mKuMb;6L5Q;`bR$d?}1fGKw
zFZX?9T!U+^0zwv&5gy)*zu?>mA-G?3o*8$&Z8@CB8LNF|25P^(0ryR@%sSQCL3L-f
zz7-G;9lS3X$A53QBGhktlGhnZZ?uCr%x^TqoW!zYjMyCXSLP6p(3FGwBZunl?7;nj
z(;SS;;r&?`Vw4UQXYWZGE)Fqf0B7u-^cP=9YJRZ@D0uzlx%}`Ck;hBBJ+3CZ4H~|-
knYM-gq2Un`!Fx+TiWl%l*LT6+31F>&{cy~Hb>u+C|1+nce*gdg

literal 0
HcmV?d00001