# Get the Key!

#SECCON CTF’14

Points: 100
Category: Network

nw100.pcap

Hint: None

## Write up

We can analyze the file using Wireshark. Looking at the traffic, we can see that the user requested a number of HTML pages and images. Let us export all the HTML objects and see.

Some of them are simple GIFs, but on opening the nw100 HTML page in the browser we see that there is a file called key.html. This is the one which contains the flag. Now we return to Wireshark and find the address of the server to which the request is sent.

On going to http://133.242.224.21:6809/nw100/key.html we find that it asks for authentication.

In Wireshark we find the packet in which the user sends his login information to the server and analyze it.

On following the TCP stream we find that the authorisation was Basic, and we have the Base64 encoding of the id and the password in the following format: id:password

After the conversion of c2VjY29uMjAxNDpZb3VyQmF0dGxlRmllbGQ= to ASCII we get the string seccon2014:YourBattleField
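As an added example (not part of the original write-up), this Python sketch automates the manual step above: it scans raw HTTP stream bytes for Basic Authorization headers and decodes each id:password pair, which shows why Basic authentication over unencrypted HTTP exposes credentials to anyone who captures the traffic. The sample stream and the function name are constructed for illustration; only the Base64 value, host and path come from the write-up.

```python
import base64
import binascii
import re

# Constructed sample of a followed TCP stream (not the real capture);
# the Authorization value is the one quoted in the write-up.
SAMPLE_STREAM = (
    b"GET /nw100/key.html HTTP/1.1\r\n"
    b"Host: 133.242.224.21:6809\r\n"
    b"\r\n"
    b"HTTP/1.1 401 Unauthorized\r\n"
    b'WWW-Authenticate: Basic realm="example"\r\n'
    b"\r\n"
    b"GET /nw100/key.html HTTP/1.1\r\n"
    b"Host: 133.242.224.21:6809\r\n"
    b"authorization: Basic c2VjY29uMjAxNDpZb3VyQmF0dGxlRmllbGQ=\r\n"
    b"\r\n"
)

# Header names and the scheme token are case-insensitive in HTTP.
AUTH_RE = re.compile(
    rb"^Authorization:[ \t]*Basic[ \t]+([A-Za-z0-9+/=]+)[ \t]*\r?$",
    re.IGNORECASE | re.MULTILINE,
)


def extract_basic_credentials(stream: bytes):
    """Return (user, password) for every Basic Authorization header found."""
    found = []
    for match in AUTH_RE.finditer(stream):
        try:
            decoded = base64.b64decode(match.group(1), validate=True)
        except binascii.Error:
            continue  # token is not valid Base64
        # Split on the first colon only: the password may contain colons.
        user, sep, password = decoded.partition(b":")
        if not sep:
            continue  # no colon, so not an id:password pair
        found.append((user.decode("utf-8", "replace"),
                      password.decode("utf-8", "replace")))
    return found


if __name__ == "__main__":
    for user, password in extract_basic_credentials(SAMPLE_STREAM):
        print(f"Basic credentials in cleartext: {user}:{password}")
```
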

Using these credentials on the authentication page, we are granted access to the key.html file, which on opening gives us the flag.

Flag:

SECCON{Basic_NW_Challenge_Done!}