TJCTF Forensics Challenge

In this Challenge we were given a pcap file and the Pcap file contained an Irc conversation.On careful observation we find that the flag is  already in the Irc transfers

The flag is already in the pcap file and in this case in all the paragraphs. If you look at the end of the paragraphs we can find some words which does not corresponds to the packet capture.Arrange all the words according  to packets given and then you will obtain the flag.

PRIVMSG #ctf :but it's plaintext, so I guess 5 eyes will get this flag before anyone else
PRIVMSG #ctf :so let's do it as a group
:andrewg! PRIVMSG #ctf :CTF{
:itsl0wk3y! PRIVMSG #ctf :some_
PRIVMSG #ctf :leaks_
:andrewg! PRIVMSG #ctf :are_
PRIVMSG #ctf :good_
:itsl0wk3y! PRIVMSG #ctf :leaks_
:andrewg! PRIVMSG #ctf :}

and the flag is CTF{some_leaks_are_good_leaks_}

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at

Up ↑

%d bloggers like this: