There was only a DNS query packet in the packet file, so while looking at each UDP stream, I checked the list of subdomains for queries that were assumed to be base64.

I decoded it with base64, but I found out that it was encrypted with a certain rule, and through "Sir vignere" given in the problem description, I inferred that the key was to decode Vigenère with Knight. This was programmed with Python code.
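```python
import base64
from string import ascii_lowercase, ascii_uppercase

from scapy.all import DNS, DNSQR, IP, rdpcap

# Collect the first label of each matching query name, in capture order.
enc = ''
packets = rdpcap("find-me.pcapng")[DNS]
for pkt in packets:
    if pkt[IP].src == "8.8.8.8":
        query = pkt[DNSQR].qname.decode()
        # qname ends with a trailing dot, so three dots means "<label>.<domain>.<tld>."
        if query.count('.') == 3:
            enc += query.split('.')[0]

# The joined labels are base64; the decoded text is still Vigenère-encrypted.
enc = base64.b64decode(enc).decode()

# Vigenère decryption with the key KNIGHT. Only letters consume a key
# position; digits, braces and underscores are copied unchanged.
flag = ''
n = 0
for ch in enc:
    if ch in ascii_uppercase:
        key = "KNIGHT"[n % 6]
        flag += chr((ord(ch) - ord(key)) % 26 + ord('A'))
        n += 1
    elif ch in ascii_lowercase:
        key = "knight"[n % 6]
        flag += chr((ord(ch) - ord(key)) % 26 + ord('a'))
        n += 1
    else:
        flag += ch
print(flag)
```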
FLAG : ```KCTF{h1_th3n_wh0_ar3_y0u}```
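
The same observation from the detection side, as an added example that is not part of the original write-up: group query names by parent domain and flag parents whose first labels, joined in order, are strict base64 that decodes to printable ASCII. The function names, the `min_queries` threshold and the sample names under `exfil.example` are assumptions constructed for illustration.

```python
import base64
import binascii
from collections import defaultdict


def make_sample(secret, parent, size=12):
    """Build constructed query names: base64(secret) split across first labels."""
    b64 = base64.b64encode(secret).decode()
    return [f"{b64[i:i + size]}.{parent}" for i in range(0, len(b64), size)]


def find_base64_channels(qnames, min_queries=3):
    """Return {parent_domain: decoded_bytes} for parents that look like a
    base64-over-subdomain channel. Labels are joined in the order seen."""
    groups = defaultdict(list)
    for name in qnames:
        label, _, parent = name.rstrip(".").partition(".")
        if parent:
            groups[parent.lower()].append(label)

    hits = {}
    for parent, labels in groups.items():
        if len(labels) < min_queries:
            continue  # too few queries to call it a channel
        try:
            # validate=True rejects non-alphabet characters and bad padding,
            # which filters out most ordinary hostnames such as www/mail/api.
            raw = base64.b64decode("".join(labels), validate=True)
        except (binascii.Error, ValueError):
            continue
        # Printable output is a strong hint of smuggled text; it may still be
        # enciphered (as in this challenge), which keeps it printable.
        if raw and all(32 <= b < 127 for b in raw):
            hits[parent] = raw
    return hits


if __name__ == "__main__":
    # Constructed sample traffic, not taken from find-me.pcapng.
    queries = ["www.example.com.", "mail.example.com.", "api.example.com."]
    queries += make_sample(b"constructed sample payload", "exfil.example.")
    for parent, raw in find_base64_channels(queries).items():
        print(parent, raw)
```
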