KringleCon 4: Four Calling Birds WriteUp - Customer Complaint Analysis
Posted: Jan 22, 2022 | ~ 1 min read time#ctf #kringlecon-2021 #network #wireshark
Objective: Customer Complaint Analysis
A human has accessed the Jack Frost Tower network with a non-compliant host. Which three trolls complained about the human? Enter the troll names in alphabetical order separated by spaces.
We’re given a packet capture (pcap) to analyze the web traffic. First things first, I checked out the TCP streams. This feature of Wireshark will organize the packets so you can follow the thread between the two IPs of interest.
From there, I noticed the packets containing the form input all have the same content-type so I filtered the pcap to only include urlencoded-form.
Now it’s just a matter of scrolling through the forms and finding the guest complaint. In this case, the guest Muffy VonDuchess Sebastian is in room 1024.
From here, we can pivot to find all complaints involving room 1024.
To see my other writeups for this CTF, check out the tag #kringlecon-2021.