Luciafer's Fatal Error

Challenge:

Luciafer, consummate hacker, got cocky and careless. She made a fatal mistake, and in doing so, gave control of her computer to… someone. She ran a program on her computer that she shouldn't have.

What is the md5sum of the program? Submit the flag as: flag{MD5}.

Use the PCAP from Monstrum ex Machina

Solution:

While solving the SUM of All FEARS challenge we observed a 3rd binary not related to that challenge (nor any subsequent challenge) so had a hunch it might be related to this challenge.

$ cat http.log | zeek-cut uri resp_fuids | grep -E "bin|exe"

/secret_decoder.bin	FpKjLR1yS7Jlxq9tYg

We pull the MD5 hash from Zeek's file.log based on the file id in http.log and submit it as the flag.

$ cat files.log | zeek-cut fuid md5| grep FpKjLR1yS7Jlxq9tYg
FpKjLR1yS7Jlxq9tYg	42e419a6391ca79dc44d7dcef1efc83b

The accepted flag was: flag{42e419a6391ca79dc44d7dcef1efc83b}