In this Challenge we were given a pcap file and the Pcap file contained an Irc conversation.On careful observation we find that the flag is already in the Irc transfers
The flag is already in the pcap file and in this case in all the paragraphs. If you look at the end of the paragraphs we can find some words which does not corresponds to the packet capture.Arrange all the words according to packets given and then you will obtain the flag.
PING irc.capturetheflag.withgoogle.com
:irc.capturetheflag.withgoogle.com PONG irc.capturetheflag.withgoogle.com :irc.capturetheflag.withgoogle.com
PRIVMSG #ctf :but it's plaintext, so I guess 5 eyes will get this flag before anyone else
PRIVMSG #ctf :so let's do it as a group
:andrewg!~poppopret@agriffiths.c.gctf-2015-admins.google.com.internal PRIVMSG #ctf :CTF{
PING irc.capturetheflag.withgoogle.com
:irc.capturetheflag.withgoogle.com PONG irc.capturetheflag.withgoogle.com :irc.capturetheflag.withgoogle.com
:itsl0wk3y!~poppopret@itsl0wk3y.c.gctf-2015-admins.google.com.internal PRIVMSG #ctf :some_
PRIVMSG #ctf :leaks_
:andrewg!~poppopret@agriffiths.c.gctf-2015-admins.google.com.internal PRIVMSG #ctf :are_
PRIVMSG #ctf :good_
:itsl0wk3y!~poppopret@itsl0wk3y.c.gctf-2015-admins.google.com.internal PRIVMSG #ctf :leaks_
:andrewg!~poppopret@agriffiths.c.gctf-2015-admins.google.com.internal PRIVMSG #ctf :}
PING irc.capturetheflag.withgoogle.com
:irc.capturetheflag.withgoogle.com PONG
and the flag is CTF{some_leaks_are_good_leaks_}
bi0s 
Leave a Reply