HackVent 2023 - [HV23.09] Passage encryption

Difficulty: Medium

Categories: Network Security, Fun

Author: dr_nick

Santa looked at the network logs of his machine and noticed that one of the elves browsed a weird website. He managed to get the pcap of it, and it seems as though there is some sensitive information in there?!

Even though the pcap looked like this is some kind of web forensics challenge, the flag was actually in the source ports used to connect to the server:

from scapy.all import *
print(*[chr(s)for p in rdpcap('secret_capture.pcapng')if(s:=p.sport-56700)>0])

56700 seemed to be the added offset, after subtracting this from all the port numbers and printing out the ascii representation for those that were still >0 (in range), I got the flag:

HV23{Lo0k1ng_for_port5_no7_do0r$}