Disclaimer: I'm just an enthusiast in the security area and Capture the Flag challenges. I don't exactly know the answer to this challenge, but I have a guess. This repository is only to gather all the information I have about it.
The challenge was found in the job application for the Blue Team on the Nubank Jobs page. (The job application page is currently down.)
You can download the file from the link below: Download file
The string 36f3e3709766c41204bafcd21a96f691 is an MD5 hash generated from the content of the file. You can see this by running the command below:
cat 36f3e3709766c41204bafcd21a96f691 | md5sum
The output is the MD5 hash, which matches the file name:
36f3e3709766c41204bafcd21a96f691 -
Originally, the file has no explicit extension saying what it is. So you have to run file 36f3e3709766c41204bafcd21a96f691 in your terminal to learn that it is a tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 65535).
The extension is usually .pcap, associated with Wireshark, a program used for analyzing networks. See more at https://en.wikipedia.org/wiki/Pcap
- Install Wireshark and open the file 36f3e3709766c41204bafcd21a96f691.
- Go to Statistics > Protocol Hierarchy in the menu.
- The following appears:
53.9% of the packets in the dump are encrypted SSH packets. Is this a distraction or something helpful?
I think the answer is in packet 1526. It's a DNS packet containing the string {-/r3g1st3R|W3LC0m3_1337#pc4ps_n3v3r_l13 04/04}.
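The same checks (MD5 of the content against the file name, the pcap header fields that file reports, and finding DNS packets by their Wireshark frame number) can be scripted without Wireshark. The Python below is an added example, not part of the original repository; the function names are hypothetical and the two-frame capture with its example.test query is constructed so the script runs offline.

```python
import hashlib
import struct

PCAP_HDR = struct.Struct("<IHHiIII")   # little-endian global header, 24 bytes
REC_HDR = struct.Struct("<IIII")       # per-packet record header, 16 bytes

def describe(data):
    """Return what `file` reports: version, snaplen, link type (1 = Ethernet)."""
    magic, major, minor, _, _, snaplen, linktype = PCAP_HDR.unpack_from(data)
    if magic != 0xA1B2C3D4:
        raise ValueError("not a little-endian pcap file")
    return {"version": f"{major}.{minor}", "snaplen": snaplen, "linktype": linktype}

def md5_matches_name(data, name):
    """Check that the file name is the MD5 of the content (cat file | md5sum)."""
    return hashlib.md5(data).hexdigest() == name

def dns_frames(data):
    """Yield (frame_number, udp_payload) for Ethernet/IPv4/UDP port-53 packets."""
    offset, number = PCAP_HDR.size, 0
    while offset + REC_HDR.size <= len(data):
        _, _, incl_len, _ = REC_HDR.unpack_from(data, offset)
        frame = data[offset + REC_HDR.size: offset + REC_HDR.size + incl_len]
        offset += REC_HDR.size + incl_len
        number += 1                      # Wireshark numbers frames from 1
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                     # too short, not IPv4, or not UDP
        ihl = (frame[14] & 0x0F) * 4     # IPv4 header length in bytes
        udp = frame[14 + ihl:]
        if len(udp) >= 8 and 53 in struct.unpack_from("!HH", udp):
            yield number, udp[8:]        # skip the 8-byte UDP header

def build_sample():
    """Constructed two-frame capture: one ARP-type frame, one DNS query."""
    def record(frame):
        return REC_HDR.pack(0, 0, len(frame), len(frame)) + frame
    dns = (b"\x12\x34\x01\x00\x00\x01" + bytes(6)
           + b"\x07example\x04test\x00\x00\x01\x00\x01")
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    eth = b"\x02" * 6 + b"\x04" * 6      # constructed MAC addresses
    arp = eth + b"\x08\x06" + bytes(28)
    return (PCAP_HDR.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + record(arp) + record(eth + b"\x08\x00" + ip + udp))

if __name__ == "__main__":
    sample = build_sample()
    print(describe(sample), [(n, p.hex()) for n, p in dns_frames(sample)])
```

To use it on the challenge file, read the file's bytes and pass them to the same functions in place of the constructed sample.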
Would you like to help? Feel free to open an issue or send a PR.