Net

Filter a PCAP for TCP packets, decode each packet’s payload from hex, and concatenate them in order — the resulting byte stream contains the flag.

The TLS server returns the flag as the negotiated ALPN protocol name. Inject the server’s hostname into /etc/hosts, connect with gnutls-cli specifying –alpn=flag, and read the flag from the TLS handshake output.

The flag is encoded as concatenated 0x-prefixed hex bytes embedded directly in the capture. Strip the prefixes, decode with bytes.fromhex, and print.

Two known-plaintext byte sequences (k and l) from the PCAP header XOR to reveal the repeating key. XOR the encrypted flag block with that key to recover the plaintext.

Filter Ethernet frames with EtherType 0xffff — the custom protocol used by this challenge — collect the destination MAC address from each matching frame, interpret the first two hex bytes as ASCII, and concatenate to reveal the flag.

Run strings on the PCAPNG and grep for ‘flag’ — the flag is stored as plain ASCII inside the capture file and visible without any packet parsing.

The server returns a word from a custom protocol. Wrap the response in the expected format — prepend ‘?’, uppercase, append ‘!’ — send it back, and the server returns the flag.

A sorted word list and a known sequence of binary-search response sizes pin down a unique word character by character. Reconstruct it by matching the precounted word counts at each prefix level.