Forensics - MarshallInTheMiddle

Hello everyone,
I'm asking those who have already completed this challenge: is it still possible to complete it, or is there some information that should be retrieved from expired links?
I think I’ve found the right track, it seems to be clear what happened, but I can’t find any flag.

Anyone?

All the information you need to solve this challenge is inside the zip file.

As alamot said, everything you need to complete the challenge is inside the zip file. Brush up a little bit on Wireshark. There are some very obvious things within the zip file which should give it away.

Can someone PM me the right format to input the flag? The challenge seems obvious, but I, for the life of me, cannot figure out how to input it. As I understand it should be HTB {}, but how to put it inside?

@ndabbot said:
Can someone PM me the right format to input the flag? The challenge seems obvious, but I, for the life of me, cannot figure out how to input it. As I understand it should be HTB {}, but how to put it inside?

The flag is found in the correct format - HTB{flag_goes_here}

@BROX said:

@ndabbot said:
Can someone PM me the right format to input the flag? The challenge seems obvious, but I, for the life of me, cannot figure out how to input it. As I understand it should be HTB {}, but how to put it inside?

The flag is found in the correct format - HTB{flag_goes_here}

To reiterate, when you search for the flag within this challenge the flag will be in the format: HTB{stuff_here}. So for example, if you solved this challenge, and you discovered that the flag was: HTB{this_is_only_an_example_and_not_the_flag} you would input the string HTB{this_is_only_an_example_and_not_the_flag} as the text in the solution box.

As everyone has said, everything is in the zip file. Start doing Google searches for the stuff you see in the zip file and look up what some of the files are used for.

I am quite sure I found the sensitive data that was stolen, but I cannot see a “flag”. Can someone give a hint on what this flag looks like?

If you found the stolen data, you will easily find the flag. Otherwise, you probably just have a lead - follow that.

I’m still stuck on this. Any hints? I’ve found the stolen data. Any hints? Please PM

@anikka if you found the stolen data, you have the flag. Otherwise, you did not find stolen data, just the method by which it was stolen. Try harder :)

@rotarydrone said:
@anikka if you found the stolen data, you have the flag. Otherwise, you did not find stolen data, just the method by which it was stolen. Try harder :)

I got it! Thanks for all the clues.

I got some information about the pastebin, the traffic. But the flag is not there. I think the flag is in another flow of information, I got the content but I can’t put this in plain text. Could someone give me a hint?

Hi, I'm new to this. Can anybody please guide me on how to solve this challenge? I really have no clue on where to start.

Some days trying. Any tips?

Guys, hints please… I can find what was stolen but not the flag? Should I decode the SSL traffic?

Finally got it!
Learned a bunch.
PM me if you need help.

@giggi0x00 said:
Guys, hints please… I can find what was stolen but not the flag? Should I decode the SSL traffic?

Yep. If you don't know how, read and learn how to:
using a pre-master secret key to decrypt SSL