YubitSec CTF - Lectures? - Forensic

Mark Koskei

April 25, 2017

I tried to log in lectures.yasar.edu.tr but I forgot my id.. But I have this file I think it has my id in it. Can you help me?

Tip: If you can’t see brackets just add them.

Examining the packet capture in Wireshark using the expert information feature reveals an xml file in packet 185.

The Follow the TCP steam feature at packet 185 reveals a HTTP POST request containing a username and password.

Based on the problem statement the username is the flag.

FLAG: YUBITSEC{http_1s_l4m3}