NetworkMedium

CAPTCHA 2.0

9/19/2025

by yeknom

WHYCTF-2025

WriteUp

CAPTCHA 2.0

📋 Description

Someone hacked our MCH challenge Captcha, luckily we still have the network logs.

🎯 Goal

Find the flag from network logs of captcha.ctf.zone

🔗 Given Files

captcha-2.0.pcap

🛠️ Tools Used

tshark
grep
sed
awk

💡 Walkthough

Inspected PCAP with tshark; traffic showed many POSTs to login.php and responses echoing inputs.

Exported all HTTP objects for offline sorting.

Identified a blind SQLi pattern in home*.php pages:

# Overview
tshark -r captcha/captcha-2.0.pcap -qz io,phs | cat

# Export HTTP objects
tshark -r captcha/captcha-2.0.pcap --export-objects "http,captcha/http_objects" | cat

# Extract position→char pairs from responses
grep -RIn "SUBSTR(password" captcha/http_objects/home*.php \
|| sed -E "s/.*SUBSTR\(password,([0-9]+),1\).*= '(.).*/\1 \2/" \
|| sort -n > captcha/password_positions.txt

# Reconstruct the password/flag
awk '{printf "%s", $2} END {print ""}' captcha/password_positions.txt > captcha/flag.txt

Command Palette

CAPTCHA 2.0

CAPTCHA 2.0

📋 Description

🎯 Goal

🔗 Given Files

🛠️ Tools Used

💡 Walkthough

🏴Flag