Challenge - Week 15

Help! (Challenge of the week)


Submit the correct answer (remember that the flag you are looking for follows the same format as usual, BVT{}) via this form, and comment a fitting GIF or an emoji in the comment section on #bouvet-informerer to join the draw for a 🎁

You can find all previous solutions here.

This challenge was meant to make people aware that no matter what tech support asks you for, whether it’s a .HAR, a .PCAP or anything else, you must always make sure it doesn’t contain anything sensitive. Even if the intentions are good (receiving help!), one might unintentionally give away credentials and other secrets, as well as infrastructure details.

Solution

Oh crap, poor Mr. Johansen! Visiting his website just showed a form which asked one to simply “Enter password”.

…some people didn’t.

Anyway, upon entering “password” as the password, one was greeted with a text:
> Upon troubleshooting my server, tech support asked me to run a command, which generated a file that I, naively, sent to them.
> Can you help me make sure it’s clean and there’s no risk of a data leak?
> Grab it here!
>
> Thanks a lot for your help
> BjornJohansen066

The file was a Packet Capture (.pcap) file, which contains a dump of the network interface’s traffic.
Opening the file in Wireshark (or any other tool made for analyzing a .pcap) revealed a dump of TCP traffic between two hosts.
Following the TCP stream revealed that Mr. Johansen had logged on to what seems to be a server and issued a few commands. Looking closely at the output of the ls command (the equivalent of dir on Windows systems), we can see that this is most likely the web server of the challenge (the challenge.pcap file is there)!

Visiting the supersecret.txt file shows us the flag.
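
The kind of check Mr. Johansen could have run before sending the capture, as an added example that is not part of the original write-up: it parses a classic pcap with Ethernet framing, extracts the cleartext TCP payloads and reports text matching a keyword list. The keyword list, the function names and the sample capture (addresses, ports and command included) are constructed for illustration.

```python
import re
import struct

# Illustrative keyword list (an assumption); extend it for your own environment.
SENSITIVE = re.compile(rb"(?i)(password|passwd|secret|token|authorization)[^\r\n]{0,60}")

def tcp_payloads(pcap):
    """Yield (packet_no, payload) for IPv4/TCP packets in a classic Ethernet pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only the Ethernet link type is handled")
    off, no = 24, 0
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off, no = off + 16 + incl_len, no + 1
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 carrying TCP
        ihl = (frame[14] & 0x0F) * 4                   # IPv4 header length
        total = struct.unpack(">H", frame[16:18])[0]   # IPv4 total length
        tcp = 14 + ihl                                 # offset of the TCP header
        if len(frame) < tcp + 20:
            continue  # truncated TCP header
        doff = (frame[tcp + 12] >> 4) * 4              # TCP header length
        payload = frame[tcp + doff:14 + total]
        if payload:
            yield no, payload

def find_sensitive(pcap):
    """Return (packet_no, matched_text) for every keyword hit in cleartext payloads."""
    return [(no, m.group(0).decode("latin-1"))
            for no, data in tcp_payloads(pcap)
            for m in SENSITIVE.finditer(data)]

def build_sample():
    """Constructed capture: one TCP segment carrying a cleartext shell command."""
    data = b"cat supersecret.txt\n"
    tcp = struct.pack(">HHIIBBHHH", 40000, 23, 1, 1, 5 << 4, 0x18, 1024, 0, 0) + data
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])) + tcp
    frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame)

if __name__ == "__main__":
    for no, hit in find_sensitive(build_sample()):
        print(f"packet {no}: {hit}")
```

A keyword scan only catches what its patterns describe, so an empty result narrows the review of a capture rather than replacing it.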

The flag

BVT{traffic-captures-can-contain-sensitive-data}