In this article, we are going to solve an OSINT challenge from Hacktoria called “On the Wire”.
As always, before starting, download all the assets, which include the flag file. It is clear that the flag file will have the bit.ly link hidden inside, which will take us to our precious contract card and thus complete the contract.
Here is the description. I suggest you take notes from it.
Greetings Special Agent K. One of our field agents in Malaysia managed to physically breach the office of a corrupt politician. Doubling as a mole for a Chinese criminal enterprise, mostly smuggling endangered animals. In this case their evil business involves shark fin trade and other exotic food items.
During the breach, our agent successfully obtained several pieces of information on the organization. Currently this does not include their name, as they only communicate using anonymous messages and codenames.
We hope that the information, which includes pictures, floorplans, data dumps and packet captures. Will lead to a more complete picture of this organization. We know that the Malaysian government will be exceptionally happy to get this criminal enterprise out of its borders.
All data has been divided over several agents. Your segment for this contract is the analysis of a packet capture file. Figure out what is being communicated and find the message that matters. This message will lead to your Contract Card.
As always. Special Agent K, the contract is yours, if you choose to accept.
The second link you are directed to via the packet capture, is the password for the flagfile. (updated at 23.11.2022)
Read the last line carefully. Here is the zip file; extract it to get the .pcapng (the packet capture file).
Analyzing this took me around 90 minutes.
But finally, I found this packet, no. “33621”, with a Pastebin link.
In the cybersecurity world, Pastebin is infamous for storing links and files from data dumps and hacks all over the globe. So, it is only obvious that I should check it out. Paste this link into your browser and it will take you to your bit.ly link, and from there we can get our contract card.
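The manual search described above can be scripted. The following is an added example, not part of the original write-up: it walks the blocks of a pcapng file and reports the packet number of every cleartext pastebin.com or bit.ly link. It assumes the capture stores packets as Enhanced Packet Blocks (so the count lines up with Wireshark's packet numbers), and the sample capture and paste ID are constructed placeholders.

```python
import re
import struct

SHB, IDB, EPB = 0x0A0D0D0A, 0x00000001, 0x00000006
# Cleartext paste/shortener links only; TLS payloads and links split across segments are missed.
LINK_RE = re.compile(rb"(?:https?://)?(?:pastebin\.com|bit\.ly)/[\w\-/]+", re.I)

def iter_packets(data):
    """Yield (frame_number, captured_bytes) for every Enhanced Packet Block."""
    endian, offset, frame = "<", 0, 0
    while offset + 12 <= len(data):
        if data[offset:offset + 4] == b"\x0a\x0d\x0d\x0a":
            # Section Header Block: the byte-order magic fixes the endianness.
            little = data[offset + 8:offset + 12] == b"\x4d\x3c\x2b\x1a"
            endian = "<" if little else ">"
        btype, blen = struct.unpack_from(endian + "II", data, offset)
        if blen < 12 or offset + blen > len(data):
            break  # truncated or corrupt block, stop instead of misreading
        if btype == EPB and blen >= 32:
            frame += 1  # 1-based, counted in file order
            caplen, = struct.unpack_from(endian + "I", data, offset + 20)
            caplen = min(caplen, blen - 32)
            yield frame, data[offset + 28:offset + 28 + caplen]
        offset += blen

def find_links(data):
    """Return [(frame_number, link)] for each link seen in a packet payload."""
    return [(frame, m.group().decode("ascii"))
            for frame, pkt in iter_packets(data)
            for m in LINK_RE.finditer(pkt)]

def _block(btype, body):
    body += b"\x00" * (-len(body) % 4)  # blocks are padded to 32 bits
    total = len(body) + 12
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)

def build_sample():
    """Constructed three-packet capture; the paste ID is a placeholder."""
    payloads = [b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
                b"msg: see https://pastebin.com/EXAMPLE01 tonight",
                b"\x00\x01\x02\x03 no link here"]
    out = _block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
    out += _block(IDB, struct.pack("<HHI", 1, 0, 0))
    for p in payloads:
        out += _block(EPB, struct.pack("<IIIII", 0, 0, 0, len(p), len(p)) + p)
    return out

if __name__ == "__main__":
    for frame, link in find_links(build_sample()):
        print(f"packet {frame}: {link}")
```

To run it against the challenge file, pass the bytes of the extracted .pcapng to `find_links` in place of `build_sample()`.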