Magnet Weekly CTF Challenge Week 11 Writeup - Killing Two Birds With One Stone
The challenge of this week was a standard 2-parter. Even though it was not a lengthy challenge, I had learnt that one could reconstruct network pcaps from a memory image. 😁
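Using the "bulk_extractor64.exe -x all -e net -o test/ memdump.mem" command, a packets.pcap file would be obtained in the test/ output directory. Here -x all disables every scanner, -e net re-enables only the network scanner, and -o sets the output directory.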
Wireshark could open the packets.pcap file and the answer (220.127.116.11) could be seen immediately.
Part 2 of the challenge could also be solved easily as it asked:
The answer to part 2 (www3.l.google.com) could also be seen immediately from the same Wireshark screenshot.
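As an added example (not part of the original writeup), the Python below lists DNS A and CNAME answers from a carved packets.pcap without Wireshark, skipping packets that the memory carve left truncated or corrupt. It assumes the address and hostname are read from DNS responses and that the capture uses the Ethernet link type; the function names are hypothetical and sample_pcap() builds a constructed capture with example names.

```python
import struct
from contextlib import suppress

def read_name(msg, off, hops=0):               # -> (name, offset after the name)
    labels = []
    while (n := msg[off]):
        if n >= 0xC0:                          # compression pointer
            if hops > 16:                      # corrupt carved bytes can loop
                raise ValueError("pointer loop")
            tail = read_name(msg, ((n & 0x3F) << 8) | msg[off + 1], hops + 1)[0]
            return ".".join(labels + [tail]), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n
    return ".".join(labels), off + 1

def dns_answers(msg):                          # -> [(owner, "A"|"CNAME", value)]
    qd, an = struct.unpack("!HH", msg[4:8])
    off, out = 12, []
    for _ in range(qd):                        # skip the question section
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, rdlen = struct.unpack("!H6xH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        if rtype == 1 and len(rdata) == 4:     # A record with complete rdata
            out.append((owner, "A", ".".join(map(str, rdata))))
        elif rtype == 5:                       # CNAME record
            out.append((owner, "CNAME", read_name(msg, off + 10)[0]))
        off += 10 + rdlen
    return out

def pcap_dns(data):                            # classic pcap, Ethernet/IPv4/UDP source port 53
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}[data[:4]]  # KeyError: not a pcap
    pos, out = 24, []
    while pos + 16 <= len(data):
        caplen = struct.unpack(end + "I", data[pos + 8:pos + 12])[0]
        pkt, pos = data[pos + 16:pos + 16 + caplen], pos + 16 + caplen
        with suppress(IndexError, struct.error, ValueError):  # skip corrupt carved packets
            udp = 14 + (pkt[14] & 0x0F) * 4
            if pkt[12:14] == b"\x08\x00" and pkt[23] == 17 and pkt[udp:udp + 2] == b"\x00\x35":
                out += dns_answers(pkt[udp + 8:])
    return out

def sample_pcap():                             # constructed capture: one DNS response
    dns = (struct.pack("!6H", 1, 0x8180, 1, 2, 0, 0) + b"\x03www\x07example\x04test\x00\x00\x01\x00\x01"
           + b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 60, 6) + b"\x03cdn\xc0\x10"
           + b"\xc0\x2e" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 10]))
    pkt = (b"\x00" * 12 + b"\x08\x00"          # zeroed MACs, then minimal IPv4 + UDP headers
           + struct.pack("!BxH5xB10x4H", 0x45, 28 + len(dns), 17, 53, 50000, 8 + len(dns), 0) + dns)
    return struct.pack("<IHH8xII4I", 0xA1B2C3D4, 2, 4, 65535, 1, 0, 0, len(pkt), len(pkt)) + pkt
```

For a real carve, pass the bytes of test/packets.pcap to pcap_dns() in place of sample_pcap().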