EBCTF 2013 NET100 writeup

This is the easiest task :D

Hint : index.php?-s

In Wireshark, we filter for the HTTP packets.


Awesome, we found the rootkit being uploaded by the hacker.
We extract its content from the capture and save it to disk.


The file is protected by a password. Let's try to find the packets containing the archive extraction commands by entering the filter expression: udp matches "unzip"

Here we get it: the password used to unzip the rootkit is "alongpassword1234".


We open the archive file with the password we found. Inside, the flag.txt file contains the flag that validates this task:



Instead of a rootkit we will just give you a flag: ebCTF{b78dc61ce895a3856f3520e41c07b1be}
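
The UDP search step above can also be scripted. The following is an added example, not part of the original writeup: it parses a classic pcap by hand and returns every UDP payload containing "unzip". The sample capture is constructed in the script, and its ports, addresses, archive name, password and the use of unzip's -P option are assumptions, not values from the challenge capture.

```python
import re
import struct

def udp_payloads(pcap: bytes):
    """Yield (src_port, dst_port, payload) for each Ethernet/IPv4/UDP frame in a classic pcap."""
    if struct.unpack("<I", pcap[:4])[0] != 0xA1B2C3D4:
        raise ValueError("expected little-endian classic pcap")
    off = 24  # size of the pcap global header
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack("<IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # EtherType is not IPv4
            continue
        ihl = (frame[14] & 0x0F) * 4      # IPv4 header length in bytes
        if frame[14 + 9] != 17:           # IP protocol 17 = UDP
            continue
        udp = frame[14 + ihl:]
        if len(udp) < 8:
            continue
        sport, dport, ulen, _ = struct.unpack("!HHHH", udp[:8])
        yield sport, dport, udp[8:ulen]

def find_unzip_commands(pcap: bytes):
    """Return decoded UDP payloads containing 'unzip', like the display filter does."""
    return [p.decode("latin-1").strip()
            for _, _, p in udp_payloads(pcap) if re.search(rb"unzip", p)]

def build_sample_pcap(payloads):
    """Build a constructed capture with one Ethernet/IPv4/UDP frame per payload."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for data in payloads:
        udp = struct.pack("!HHHH", 40000, 4444, 8 + len(data), 0) + data
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + udp
        frame = b"\x00" * 12 + b"\x08\x00" + ip
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

# Constructed sample traffic (assumed command form), not the challenge capture.
SAMPLE = build_sample_pcap([b"id\n", b"unzip -P example-pass archive.zip\n", b"ls -la\n"])

if __name__ == "__main__":
    for cmd in find_unzip_commands(SAMPLE):
        print(cmd)
```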