For this challenge, we have a link with some intercepted data:
It’s the traffic interception of a mail sent from
body of the mail is encoded with the quoted-printable encoding. Let’s save it in
a file and decode it:
So we do have the password for an archive. After a bit of tinkering I thought
to check whether there are any received mails. The default port for
POP3 is 110, so
Let’s read the mail with
The mail contains an attachment called
secret_flag.zip. Let’s use tee to
write the output of netcat to a file:
nc ugm.cybrics.net 110 | tee received-mail
and run the previous commands to authenticate and retrieve the mail.
We now have to use an editor to extract the base64 encoded attachment, so delete the lines from 1 to 34 and from 1899 to 1901. We also have to remove the line endings to obtain a valid base64 string.
I personally use vim and the command to remove all line endings is
Let’s create the archive and extract it:
base64 -d says that the input is not valid; that’s because cat adds a new line at the end.
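The manual trimming and line-ending cleanup described above can also be done by parsing the saved netcat output as MIME. This is an added example, not part of the original writeup: the transcript in `SAMPLE` is constructed (it is not the challenge data), and the function names `retr_message` and `attachments` are hypothetical.

```python
import email
import re
from email import policy

HEADER = re.compile(rb"^[!-9;-~]+:")  # RFC 5322 field name followed by a colon

def retr_message(transcript: bytes) -> bytes:
    """Cut the RETR payload out of a saved POP3 session (server responses only)."""
    lines = transcript.replace(b"\r\n", b"\n").split(b"\n")
    # The message starts at the first header line directly after a +OK status line.
    start = next(i for i in range(1, len(lines))
                 if lines[i - 1].startswith(b"+OK") and HEADER.match(lines[i]))
    end = lines.index(b".", start)  # a lone "." ends a multi-line POP3 response
    # Undo POP3 byte-stuffing: the server doubles a leading "." in message lines.
    body = [l[1:] if l.startswith(b"..") else l for l in lines[start:end]]
    return b"\r\n".join(body) + b"\r\n"

def attachments(raw: bytes) -> dict:
    """Map attachment filename to its bytes, decoded per Content-Transfer-Encoding."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return {p.get_filename(): p.get_payload(decode=True)
            for p in msg.iter_attachments()}

# Constructed transcript for illustration, shaped like `nc host 110 | tee file`.
SAMPLE = (
    b"+OK POP3 ready\r\n+OK\r\n+OK logged in\r\n+OK 321 octets\r\n"
    b"From: a@example.test\r\nTo: b@example.test\r\nSubject: flag\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="XX"\r\n\r\n'
    b"--XX\r\nContent-Type: text/plain\r\n\r\n"
    b"see attachment\r\n..dot-stuffed line\r\n"
    b"--XX\r\nContent-Type: application/zip\r\n"
    b'Content-Disposition: attachment; filename="secret_flag.zip"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"UEsDBGNvbnN0\r\ncnVjdGVk\r\n"  # base64 split across lines, as in a real mail
    b"--XX--\r\n.\r\n+OK bye\r\n"
)

if __name__ == "__main__":
    for name, data in attachments(retr_message(SAMPLE)).items():
        print(name, len(data), "bytes")
```

Because the MIME parser locates the attachment by its boundaries and joins the wrapped base64 lines itself, no fixed line numbers or newline stripping are needed.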
Opening the PDF file we find the flag: