Description

  • The dimension of a playground is given as 1359x789.
  • Can you find out the most important information hidden in this file using the given data?

Solution

  • Download the file.
  • We shall understand that there are some errors in the Hex values.
  • So let’s correct it.

--

--

  • After analyzing several packets we can conclude that there is something to be done with ICMP.
  • So apply the ICMP filter and start analyzing.
  • We can see that packets from the source = 192.168.1.200 has some ZIP Magic Numbers.
  • In scapy there are lots of ways to extract the data.
  • We can see that the hex values of the ZIP start from the hex position x002A in all ICMP packets.
  • The Bytes Equivalent of Hex = x002A is 42 Bytes.
  • So slice the rest of the chunks.
  • It can be indentified by seeing the hex of the ZIP.

--

--

S Abhishek

S Abhishek

12 Followers

✨ Computer Science Undergraduate from Amrita Vishwa Vidyapeetham. 🧑‍💻 Member of security research & CTF team — @teambi0s. 🌱 I’m currently working on DFIR.