CyberKavach QuestCon Series: The Upside Down Packet Mystery


Welcome to the official write-up series for CyberKavach QuestCon, presented by the PCCOE OWASP Student Chapter! We're excited to dive into the solutions for the challenges that tested your skills.

Author: Rudraksh Charhate

Story Prelude: Secrets of Hawkins Lab

Imagine Hawkins Lab in chaos—with digital clues scattered through mysterious network traffic. Your challenge: investigate a suspicious packet capture file and reconstruct the secrets before they fade into the digital void.


Step 1: Breaking Down the Evidence

The adventure begins with a provided .pcapng file, a digital snapshot of a network in turmoil. Opening this file in Wireshark reveals a cocktail of protocols—HTTP, TCP, DNS, ICMP—like echoes from another dimension.

Analyst’s Tip

Filter for HTTP traffic to spot anomalies. This exposes several packets whose payloads start with the string FRAG, clearly signifying fragmented messages awaiting discovery.



Step 2: Decoding the Fragmented Puzzle

A total of 10 fragments are isolated, each housing what appears to be binary chunks from a PNG image. Savvy investigators copy the payload of each packet into separate .bin files, readying themselves for the next step in this forensic expedition.

Technical Insight
The presence of a PNG data signature in these fragments hints at a steganographic twist or potential image hiding—classic forensic bait!



Step 3: Piecing the Digital Mosaic

Reassembly is performed using a Python script—either self-crafted or sourced from the ChatGPT “Saviour” mentioned in the challenge write-up. The result: a reconstructed image named with enigmatic text, Unpr3d1ct4bl3K3y. It’s tantalizing and seems like a flag, but the real secret lies deeper.


Step 4: The “Salted” Cipher Quest

Shifting from image forensics to cryptanalysis, the investigator notices the keyword “Salted” embedded within one fragment. This subtle cue hints at OpenSSL’s salted encryption, raising the stakes for digital codebreaking.

Extraction Steps

  1. Raw Payload Extraction
    Use tshark and xxd to isolate the packet's raw data field and convert it from hex to binary (the HTTP headers are removed in the next step):

tshark -r challenge2.pcapng -Y frame.number==1 -T fields -e data | tr -d '\n' > pkt1.hex

xxd -r -p pkt1.hex pkt1.bin

  2. Payload Splitting
    Write a Python script to split at the first double CRLF—marking the end of HTTP headers.

  3. Building the “.enc” File
    Save the extracted payload as secret.enc, preparing it for decryption.
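The header split described in the extraction steps above and the fragment reassembly from Steps 2 and 3 are the same two operations, so here is one script that does both. It is an added example written for this write-up, not the author's script or the ChatGPT one mentioned earlier. The exact layout of the FRAG tag in the challenge is not shown on the page, so the tag form FRAG<index>: and the sample packets below are assumptions; adjust FRAG_TAG to match what you see in Wireshark. Beyond the single-packet case, the script orders fragments that arrived out of order, refuses to produce output when a fragment is missing or duplicated, and reports whether the reassembled blob carries a PNG signature or the Salted__ header that openssl enc writes.

```python
"""Split HTTP bodies out of raw packet payloads, reassemble FRAG-tagged
fragments, and classify the result by its leading bytes.

Added example for this write-up (not the author's code). The FRAG tag
layout is an assumption: each body is expected to begin with the ASCII
tag b"FRAG<index>:" followed by that fragment's share of the hidden file.
"""
import re

FRAG_TAG = re.compile(rb"^FRAG(\d+):")    # assumed tag layout: FRAG<n>:
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"           # 8-byte PNG file signature
OPENSSL_SALTED_MAGIC = b"Salted__"         # 8-byte header written by `openssl enc`


def split_http_body(raw: bytes) -> bytes:
    """Return everything after the first blank line (CRLF CRLF) of a raw
    HTTP message. Falls back to LF LF for lax servers, and returns the whole
    buffer when there is no header/body boundary at all."""
    for sep in (b"\r\n\r\n", b"\n\n"):
        idx = raw.find(sep)
        if idx != -1:
            return raw[idx + len(sep):]
    return raw


def parse_fragment(body: bytes):
    """Return (index, payload) for a FRAG-tagged body, or None if untagged."""
    m = FRAG_TAG.match(body)
    if not m:
        return None
    return int(m.group(1)), body[m.end():]


def reassemble(raw_packets) -> bytes:
    """Order fragments by index and concatenate them. Raises ValueError on
    duplicate or missing indices so a dropped packet is noticed instead of
    silently producing a corrupt file."""
    pieces = {}
    for raw in raw_packets:
        parsed = parse_fragment(split_http_body(raw))
        if parsed is None:
            continue                       # ordinary HTTP traffic, not a fragment
        idx, payload = parsed
        if idx in pieces:
            raise ValueError(f"duplicate fragment {idx}")
        pieces[idx] = payload
    if not pieces:
        raise ValueError("no FRAG-tagged payloads found")
    expected = range(min(pieces), max(pieces) + 1)
    missing = [i for i in expected if i not in pieces]
    if missing:
        raise ValueError(f"missing fragments: {missing}")
    return b"".join(pieces[i] for i in expected)


def classify(blob: bytes) -> str:
    """Name the container by its leading bytes."""
    if blob.startswith(PNG_MAGIC):
        return "png"
    if blob.startswith(OPENSSL_SALTED_MAGIC):
        return "openssl-salted"
    return "unknown"


# Constructed sample traffic: three fragments delivered out of order, plus an
# unrelated HTTP response that must be ignored. Together the three fragments
# form the first 16 bytes of a PNG file (signature + start of the IHDR chunk).
SAMPLE_PACKETS = [
    b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\nFRAG2:\r\n\x1a\n",
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>nothing to see</html>",
    b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\nFRAG3:\x00\x00\x00\rIHDR",
    b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\nFRAG1:\x89PNG",
]

if __name__ == "__main__":
    blob = reassemble(SAMPLE_PACKETS)
    print(classify(blob), len(blob), "bytes")
    with open("reassembled.bin", "wb") as fh:   # same role as the per-packet .bin files
        fh.write(blob)
```

In practice you would feed reassemble() the pkt*.bin files produced by the tshark/xxd step, one bytes object per packet; the fragment whose body begins with Salted__ is the one to save as secret.enc, and classify() will tell you which blob that is without opening it in a hex editor.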


Step 5: Crack the Final Cipher

Decryption Command
Armed with the clue Unpr3d1ct4bl3K3y as the password and the .enc file, execute:

openssl enc -d -aes-256-cbc -pbkdf2 -in secret.enc -out secret.txt -pass pass:Unpr3d1ct4bl3K3y


If successful, you’ll unlock the final mission flag:

questCONFr13ndsD0ntl13



Behind the Scenes: Why It Matters

  1. Network Forensics: Filtering protocols and dissecting payloads simulate real-world incident response.

  2. Digital Reconstruction: Fragment reassembly tests binary handling and scripting skills.

  3. Cryptanalysis: Decrypting salted payloads in network data is reminiscent of both penetration testing and cyber defense.

  4. Creative Design: Hidden clues (“Salted”, PNG fragments, pseudo-flags) inject layers of intrigue and demand careful observation.

Congratulations on completing Hawkins Lab’s digital mystery! Every challenge like this sharpens real-world investigative and analytical cybersecurity skills. Good luck with your next quest—there are always more secrets left to discover!

