Easy as it (TCP) Streams

Solution

https://metaproblems.com/46dc63e7dbfa1ca757a459063dff0959/easy_as_it_streams.pcapng

Downloaded the pcap, then opened in Wireshark. Scrolled to bottom since capture was "cut off". Right clicked to follow stream. Pasted image 20220908152000

Oh, theres three tcp streams, 1 is the interaction that the user had with the terminal, the other is a private pgp key block, and the third is a message. Pasted image 20220908152011 Pasted image 20220908152025 Ok, I was able to put the PGP private key into cyberchef along with the passphrase shown in the encrypt command, and I got the output of the message. Pasted image 20220908152040 Then I added the Magic function to the recipe, and saw that it just needed to gunzip and the cleartext flag was there. Pasted image 20220908152056 Flag:

MetaCTF{cleartext_private_pgp_keys}

Next: |Pattern of Life

Cyber Security Notebook

Easy as it (TCP) Streams

Instructions

Solution