Gian Klug

Swiss Hacking Challenge 2023 - evil potato

Posted on Apr 23, 2023

Information

Challenge category: forensics

Challenge Description

Holy guacamoly. I somehow managed to download a evil potato and all my super secret browser history got leaked. I hope no one finds the password to my OnlySHC Account :(

Files

We are given an evil_potato.zip file. It contains an evil_potato.pcapng file.

Exploitation

We can either use Wireshark or tshark. I’ll be using tshark:

tshark -r evil_potato.pcapng

This dumps the whole file; we can also grep for the flag:

tshark -r evil_potato.pcapng | grep shc

Flag

The flag is: shc2023{del3te_the_brows3r_hist0ry_before_i_di3}

Conclusion

Very easy, solved this on my phone after SHC started xD

References

  1. (https://hackertarget.com/tshark-tutorial-and-filter-examples/)[https://hackertarget.com/tshark-tutorial-and-filter-examples/]
  2. (https://serverfault.com/questions/219565/cli-tool-for-analyzing-pcap-captures)[https://serverfault.com/questions/219565/cli-tool-for-analyzing-pcap-captures]