# Fake Boost ## OVERVIEW --- ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1760015837715/a3eca29d-126f-46a9-bc4f-3dff9ecb6405.png align="center") So we are given some file to download . Let’s download it and check it out We got a **capture.pcapng** file . Let’s open it in wireshark to analyze it ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1760017048428/9fde7c43-ec44-4a47-b201-5286141f2e1c.png align="center") We can see a different types of packets Now let’s filer out them with http ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1760017104505/bf4f3334-792d-465a-a56e-6cb86b575516.png align="center") So Let’s Follow the first packet into TCP Stream and see what it has to read ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1760017594014/f6a91bec-6038-4ac7-b357-0d9669008f26.png align="center") As you can see there is a large string in the packet in which you can see the operation that are performed on it which is 1) Reverse 2) Base64 So Let’s decode the given string according to this format also so head to [**CyberChef**](https://gchq.github.io/CyberChef/) ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1760017775315/110a52b8-a90e-4302-aef4-4d2c3ec5397f.png align="center") Here we go we got the plaintext So Let’s Copy it and Paste it where we can read the output clearly (I am using Notepad for this) On Scrolling these details i came to a part where it is written Part 1 and it had a base64 string ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1760017942940/0c1c0ed3-89a9-4aa0-a68a-d1aeb6408c67.png align="center") Let’s Base64 decode it: ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1760018067584/f5eee173-605e-4e5e-a411-011398bcdeef.png align="center") BOOM! We got the First part of our flag Now Let’s Find Another One! Searching in the earlier text i found an **AES base64 encoded key** ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1760018521144/6da9636d-209e-4d94-96d6-100bb12f36c1.png align="center") If this is here that means there will an AES encoded cipher So Let’s find the cipher among the earlier wireshark http packets ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1760018243815/55cf1c7c-122f-42c3-bbb7-de8c7a359bd1.png align="center") Here I found One more packet request suspicious so Let’s follow it in TCP Stream too! ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1760018285220/533688d1-e731-4a10-88a0-f780582bc2bd.png align="center") Well, It looks like a AES encoded string so let’s decode it again in [**AES ONLINE DECODER**](https://www.devglan.com/online-tools/aes-encryption-decryption) First Let’s decode the AES key into plaintext from base64 ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1760018837063/ffa690ce-f8ef-4616-8895-9b0cda36c912.png align="center") And we got the plaintext now let’s head to the online AES decoder to decode the AES ciphertext ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1760019027050/0c8bcd7f-51dc-48f6-85e5-46e0be495156.png align="center") We got some Output Let’s copy it again and paste it to where we can read it easily ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1760019117602/f87536fc-c7d6-44ef-8581-bab893409e0c.png align="center") We got some Base64 encoded data in Email Parameter So Let’s decode it in CyberChef ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1760019234087/7b0d112f-def1-47ba-991a-bb60403ad5e8.png align="center") Here We Go We Got Our 2nd Part Of The Flag Also !! Now Join Them And Enter The Flag ## **WE FINALLY DID IT !!!! CHALLENGE SOLVED !!** ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1760019341008/c0b2c4c1-cb88-427d-96bd-34c39b300cf5.jpeg align="left") For Any Query Or Problem Either Leave A Comment Or Contact At [**reapsec.com**](http://reapsec.com/) **THANKS FOR READING !!!**