Smoke on the Horizon
Posted on Mon 20 March 2023 in ctf
This is a writeup of the Smoke on the Horizon challenge, which was part of the MISC category during vikeCTF.
The attached zip file contained a .pcap that could be analyzed with Wireshark.
In the PCAP was an SMTP message from 10.10.10.4 to 10.10.10.5:
The password is "p!ll@ge_🔥_p1und3r". You know what to do.
In addition, one could find the download of flag.enc via FTP in the .pcap file.
One could export that file directly to disk.
Finally, one could find an HTTP request to /decrypt that returned an ELF executable that could also be exported directly to disk.
With both files and the password, one could retrieve the flag with the following command:
./decrypt flag.enc 'p!ll@ge_🔥_p1und3r'
Which resulted in: vikeCTF{C@pt7ur3d_my_p@ckets?_Wh4t5_7h3_r@ns0m?}
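The two file exports above depend on Wireshark reassembling the FTP data stream and the HTTP response. As an added example that is not part of the original writeup, this Python code does that reassembly by hand on a constructed capture. The addresses, ports and payloads are made up, and it assumes a classic little-endian pcap with Ethernet/IPv4 frames.

```python
import struct
from collections import defaultdict

def tcp_streams(pcap):
    """Map (src, sport, dst, dport) -> reassembled payload for each TCP direction.
    Classic little-endian pcap, Ethernet/IPv4 only; ignores seq wraparound and gaps."""
    if struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    segs, off = defaultdict(dict), 24            # 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                             # keep only IPv4 + TCP
        tcp = 14 + (frame[14] & 0x0F) * 4        # Ethernet + IP header length
        ip_end = 14 + struct.unpack_from(">H", frame, 16)[0]   # excludes padding
        sport, dport, seq = struct.unpack_from(">HHI", frame, tcp)
        payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:ip_end]
        if payload:                              # first copy wins: drops retransmissions
            segs[frame[26:30], sport, frame[30:34], dport].setdefault(seq, payload)
    return {k: b"".join(v[s] for s in sorted(v)) for k, v in segs.items()}

def carve(pcap, sport):
    """Bytes sent from TCP source port `sport` (first matching stream)."""
    return next(d for (_, sp, _, _), d in tcp_streams(pcap).items() if sp == sport)

def http_body(stream):
    """Strip the HTTP response headers, leaving the downloaded file."""
    return stream.split(b"\r\n\r\n", 1)[1]

# --- constructed capture: hosts, ports and payloads are made up for the demo ---
def _frame(sport, seq, payload, src=bytes([192, 0, 2, 1]), dst=bytes([192, 0, 2, 2])):
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, src, dst)
    tcp = struct.pack(">HHIIBBHHH", sport, 40000, seq, 0, 0x50, 0x18, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def _pcap(frames):
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

HEAD = b"HTTP/1.1 200 OK\r\nContent-Length: 8\r\n\r\n"
SAMPLE = _pcap([
    _frame(50000, 1005, b"-DATA"),               # FTP data segment, out of order
    _frame(50000, 1000, b"ENCRY"),
    _frame(50000, 1000, b"ENCRY"),               # retransmission
    _frame(80, 1, HEAD + b"\x7fELF"),            # HTTP response, body split in two
    _frame(80, 1 + len(HEAD) + 4, b"\x02\x01\x01\x00"),
])
```

On a real capture, `carve` would be called with the FTP data port and the HTTP server port seen in the trace, and the results written to disk as flag.enc and decrypt.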