GreyCTF 2025 Qualification Connection Issues Forensics Challenge Full Writeup

 

Grey ctf 2025 Writeup - dp1h3r0x

 

❇️ Description :-

We are given a PCAP file where an employee suddenly lost internet connectivity while browsing the web. Our task is to analyze the network traffic and determine the cause of the disconnection.


Step 1 :- Analyze the traffic capture


I began by opening the provided traffic.pcapng file in Wireshark to analyze the captured network traffic.





I noticed normal HTTP traffic: a request to 192.168.100.1 with a response containing the message “Hope you’re enjoying GreyCTF so far :D”.

 

 

Step 2 :-  Checking Lower-Level Protocols


Since the issue wasn’t visible in HTTP/TCP, we inspected ARP traffic [a protocol used for resolving IP addresses to MAC addresses].

 

 


 

 

While inspecting the ARP packets, we noticed that some carried unusual data in the padding/frame section.
Extracting the data section of these packets revealed Base64-encoded strings :-

Z3JleXtk
MWRfMV9q
dXM3X2dl
N19wMDFz
b24zZH0=

 

 

Step 3 :-  Decoding the Base64 Chunks

 


 

 

After decoding the chunks, I got the flag.

 

 

Flag :-  

 

grey{d1d_1_jus7_ge7_p01son3d}
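The manual steps above can be scripted. The following is an added example, not part of the original writeup: it flags ARP frames whose trailing bytes are not plain zero padding and Base64-decodes them in capture order. It assumes the data sits directly after the 28-byte ARP body; the frames are constructed here with made-up MAC addresses and the five chunks from Step 2, so it runs without the challenge file.

```python
import base64
import struct

ETH_HDR_LEN = 14         # dst MAC + src MAC + EtherType
ARP_LEN = 28             # ARP body for Ethernet/IPv4
ETHERTYPE_ARP = 0x0806


def arp_trailer(frame: bytes) -> bytes:
    """Return the bytes after the ARP body, or b"" for non-ARP or short frames."""
    if len(frame) < ETH_HDR_LEN + ARP_LEN:
        return b""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        return b""
    return frame[ETH_HDR_LEN + ARP_LEN:]


def suspicious_trailers(frames):
    """Yield ARP trailers that contain anything other than zero padding."""
    for frame in frames:
        trailer = arp_trailer(frame)
        if trailer.strip(b"\x00"):
            yield trailer.rstrip(b"\x00")


def decode_chunks(trailers) -> str:
    """Base64-decode each trailer on its own and join them in capture order."""
    return b"".join(base64.b64decode(t, validate=True) for t in trailers).decode()


def make_arp_frame(trailer: bytes) -> bytes:
    """Build a constructed ARP request (made-up MAC) followed by `trailer`."""
    mac = bytes.fromhex("020000000001")
    eth = b"\xff" * 6 + mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)       # Ethernet, IPv4, request
    arp += mac + bytes([192, 168, 100, 2])                # sender MAC / IP (assumed)
    arp += b"\x00" * 6 + bytes([192, 168, 100, 1])        # target MAC / IP
    return eth + arp + trailer


# Constructed sample: one normally padded frame, then the five chunks from Step 2.
CHUNKS = [b"Z3JleXtk", b"MWRfMV9q", b"dXM3X2dl", b"N19wMDFz", b"b24zZH0="]
SAMPLE_FRAMES = [make_arp_frame(b"\x00" * 18)]
SAMPLE_FRAMES += [make_arp_frame(c.ljust(18, b"\x00")) for c in CHUNKS]

if __name__ == "__main__":
    print(decode_chunks(suspicious_trailers(SAMPLE_FRAMES)))
```
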

 

 

      Thank you for reading this writeup.          


