Fake Boost
(Easy Forensics Challenge)

OVERVIEW

We are given a file to download. Let’s download it and check it out.
We got a capture.pcapng file. Let’s open it in Wireshark to analyze it.

We can see different types of packets. Now let’s filter them with http.

So let’s follow the first packet into TCP Stream and see what it contains.

As you can see, there is a large string in the packet, along with the operations that were performed on it, which are:
1) Reverse
2) Base64
So let’s decode the given string according to this format; head to CyberChef.

Here we go, we got the plaintext. Let’s copy it and paste it where we can read the output clearly (I am using Notepad for this).
On scrolling through these details, I came to a part labelled Part 1 that had a Base64 string.

Let’s Base64 decode it:

BOOM! We got the first part of our flag. Now let’s find the other one!
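
The same two steps can be scripted instead of done by hand in CyberChef. This is an added Python example, not part of the original write-up: the sample blob is constructed here (it is not data from the capture), and the function names and the UTF-16LE check are assumptions.

```python
import base64
import binascii
import re

# Constructed sample: a stand-in script, Base64-encoded and then reversed,
# mimicking the "Reverse + Base64" layering seen in the TCP stream.
SAMPLE_INNER = base64.b64encode(b"EXAMPLE{first_half_").decode()
SAMPLE_SCRIPT = f'part1 = "{SAMPLE_INNER}"\nstatus = "boosting"\n'
SAMPLE_BLOB = base64.b64encode(SAMPLE_SCRIPT.encode())[::-1].decode()

# Runs of 16+ Base64 alphabet characters, optionally padded.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def to_text(raw: bytes) -> str:
    """Decode as UTF-16LE when every second byte is zero, otherwise as UTF-8."""
    if len(raw) >= 2 and len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2]):
        return raw.decode("utf-16-le")
    return raw.decode("utf-8", errors="replace")


def unreverse_b64(blob: str) -> str:
    """Undo the two layers: reverse the string, then Base64-decode it."""
    raw = base64.b64decode(blob.strip()[::-1], validate=True)
    return to_text(raw)


def embedded_b64(text: str) -> list:
    """Return (token, decoded) for Base64-looking runs that decode to printable text."""
    found = []
    for token in B64_TOKEN.findall(text):
        if len(token) % 4:
            continue  # not a whole number of Base64 quanta
        try:
            decoded = base64.b64decode(token, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # binary or invalid data, not a readable string
        if decoded.isprintable():
            found.append((token, decoded))
    return found


if __name__ == "__main__":
    script = unreverse_b64(SAMPLE_BLOB)
    print(script)
    for token, decoded in embedded_b64(script):
        print(f"{token} -> {decoded}")
```
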
Searching in the earlier text, I found a Base64-encoded AES key.

If this is here, that means there will be an AES-encrypted ciphertext. So let’s find the ciphertext among the earlier Wireshark HTTP packets.

Here I found one more suspicious request packet, so let’s follow it in TCP Stream too!

Well, it looks like an AES-encrypted string, so let’s decrypt it in an online AES decoder.
First, let’s decode the AES key from Base64 into plaintext.

And we got the plaintext. Now let’s head to the online AES decoder to decrypt the AES ciphertext.

We got some output. Let’s copy it again and paste it where we can read it easily.

We got some Base64-encoded data in the Email parameter, so let’s decode it in CyberChef.

Here we go, we got the 2nd part of the flag too!!
Now join them and enter the flag.
WE FINALLY DID IT !!!! CHALLENGE SOLVED !!

For Any Query Or Problem Either Leave A Comment Or Contact At reapsec.com
THANKS FOR READING !!!




