Injection Traffic

Writeup for Injection Traffic (Forensics) - Hacky Holidays Space Race CTF (2021) 💜

Challenge Description

Help us run forensics on this database exploit…

Solution

import re

import pyshark

capture = pyshark.FileCapture('traffic.pcap')

# Placeholder flag; each character is overwritten as the pcap is processed
flag = list("CTF{deadbeefdeadc0dedeadbeefdeadc0de}")

for i, packet in enumerate(capture):
    try:
        # Grab SQL queries (packets without a TDS query raise AttributeError)
        sql_query = packet.tds.query
        if 'SUBSTRING' in sql_query:
            # The next packet is the response: length 200 means the condition was true
            if capture[i + 1].length == '200':
                # Extract the char position and the decimal value it was compared against
                extracted = re.match(r'.*,(\d+),\d+\)\)\>(\d+)', sql_query, re.M | re.I)
                char_index = extracted.group(1)
                char_value = extracted.group(2)
                # "char > value" was true, so the char is at least value + 1;
                # the last true comparison for a position leaves the final value
                flag[int(char_index) - 1] = chr(int(char_value) + 1)
    except (AttributeError, KeyError):
        # No TDS query, no regex match, or no following packet: skip
        pass

# Profit?
print(''.join(flag))
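The script above only uses the comparisons that came back true. As an added example (not part of the original writeup), the sketch below generalises the same idea: it narrows a lower and an upper bound per character from both true and false responses, and reports positions the capture does not fully determine. It assumes the same query shape as the regex above and 7-bit character codes; the probe list, the false-response length "187" and the table and column names are constructed for illustration.

```python
import re

# Same query shape the script above matches: ...,<position>,<length>))><value>
PROBE = re.compile(r",(\d+),\d+\)\)>(\d+)")

def recover(observations, true_length="200"):
    """Rebuild the leaked string from (sql_query, response_length) pairs.

    Returns (text, undetermined) where undetermined lists the 1-based
    positions whose value the captured probes do not pin down."""
    bounds = {}  # position -> [lowest, highest] character code still possible
    for query, length in observations:
        m = PROBE.search(query)
        if m is None:
            continue  # not a comparison probe
        pos, value = int(m.group(1)), int(m.group(2))
        b = bounds.setdefault(pos, [0, 127])  # assumption: 7-bit characters
        if length == true_length:
            b[0] = max(b[0], value + 1)  # "char > value" held
        else:
            b[1] = min(b[1], value)      # "char > value" failed
    text, undetermined = [], []
    for pos in range(1, max(bounds, default=0) + 1):
        low, high = bounds.get(pos, [0, 127])
        if low == high:
            text.append(chr(low))
        else:
            text.append("?")
            undetermined.append(pos)
    return "".join(text), undetermined

# Constructed sample, not taken from traffic.pcap: (position, value, length).
# Length "200" marks a true condition; "187" is an arbitrary false length.
PROBES = [
    (1, 63, "200"), (1, 95, "187"), (1, 79, "187"), (1, 71, "200"),
    (1, 75, "187"), (1, 73, "187"), (1, 72, "187"),
    (2, 63, "200"), (2, 95, "200"), (2, 111, "187"), (2, 103, "200"),
    (2, 107, "187"), (2, 105, "187"), (2, 104, "200"),
    (3, 63, "200"), (3, 95, "187"),  # capture ends mid-search
]
# Hypothetical table and column names; only the trailing comparison matters.
TEMPLATE = "SELECT 1 WHERE UNICODE(SUBSTRING((SELECT secret FROM demo),{},1))>{}"
SAMPLE = [(TEMPLATE.format(p, v), n) for p, v, n in PROBES]

if __name__ == "__main__":
    print(recover(SAMPLE))
```

A `?` in the output marks a position where the bounds never converged, which tells the analyst that the capture is truncated or that a response was missed, instead of silently leaving a placeholder character in the result.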
