Our person on the "inside" of Ghost Town was able to plant a packet sniffing device on Luciafer's computer. Based on our initial analysis, we know that she was attempting to hack a computer in Lytton Labs, and we have some idea of what she was doing, but we need a more in-depth analysis. This is where YOU come in.
We need YOU to help us analyze the packet capture. Look for relevant data to the potential attempted hack.
To gather some information on the victim, investigate the victim's computer activity. The "victim" was using a search engine to look up a name. Provide the name with standard capitalization:
NOTE: All of the packet capture challenges use this PCAP file.
We began this challenge like all others involving a PCAP, with Zeek combined with a custom CTF-centric script:
$ zeek -Cr pcap-challenge-final.pcapng ~/Tools/ctf_pcaps.zeek
Given the clue that the traffic contains a search, we parsed Zeek's http log for the term "search" and identified the search in the last line of output:
$ cat http.log | zeek-cut host uri | grep -i search zhidao.baidu.com /search?ct=17&pn=0&tn=ikaslist&rn=10&lm=0&ie=utf-8&word="charles geschickter"
The accepted flag was,