Flare-On 2021: wizardcult

• [1] credchecker
• [2] known
• [3] antioch
• [4] myaquaticlife
• [5] FLARE Linux VM
• [6] PetTheKitty
• [7] spel
• [8] beelogin
• [9] evil - no writeup :(
• [10] wizardcult

The last challenge in Flare-On 8 was probably not harder than the ninth one, but it might have been the one I had the most fun attacking. In a mad rush to finish on time, I didn’t take great notes, so instead, I went back and solved it start to finish on YouTube.

Challenge

We have one final task for you. We captured some traffic of a malicious cyber-space computer hacker interacting with our web server. Honestly, I padded my resume a bunch to get this job and don’t even know what a pcap file does, maybe you can figure out what’s going on.

The archive (password “flare”) contains a PCAP file:

$ file wizardcult.pcap
wizardcult.pcap: pcap capture file, microsecond ts (little-endian) - version 2.4 (Ethernet, capture length 262144)

Solving It

Full solution is on YouTube:

Flag: wh0_n33ds_sw0rds_wh3n_you_h4ve_m4ge_h4nd@flare-on.com