
Hi All,

As we can see, it contains more than 5,700 packets. I suppose you don’t want to check them all :P

![](https://miro.medium.com/v2/resize:fit:720/format:webp/1*DOHOsXV9Ve3l9kQld4dkxQ.png)

[Wireshark](https://github.com/wireshark/wireshark) and the number of packets in the file, source: DownUnderCTF 2024 — Baby’s First Forensics

Piping the strings utility into grep, for instance, is often quite a good idea.

![](https://miro.medium.com/v2/resize:fit:720/format:webp/1*u1EuUv8VvVr7crCNaV1Ybw.png)

Checking the file with strings and grep utilities — nope, source: DownUnderCTF 2024

![](https://miro.medium.com/v2/resize:fit:720/format:webp/1*eNdKGCxcaa5tJR1CNHvYnQ.png)

Checking the file with strings and grep utilities — nope (in these examples), source: DownUnderCTF 2024

But unfortunately, not this time:D At least, not in this way.

Let’s use the awesome [Wireshark](https://www.wireshark.org/) again! Sorted by ID (No. — number):

![](https://miro.medium.com/v2/resize:fit:720/format:webp/1*Vdmd1_h-m3gOfRwehmKOjg.png)

Wireshark in action — sorted by ID (No. — number), source: DownUnderCTF 2024

And now, sorted by Protocols:

![](https://miro.medium.com/v2/resize:fit:720/format:webp/1*QLmHlx0p3AzqV66h04AhpQ.png)

Wireshark in action — sorted by Protocols, source: DownUnderCTF 2024

Voilà!

Flag — solution: **DUCTF{nikto_2.1.6}**

Bonus info!

![](https://miro.medium.com/v2/resize:fit:720/format:webp/1*4nIA0CglRz_o02kVGUZDDA.png)

Flag from other approach, source: DownUnderCTF 2024

You could also get the flag using the strings utility and grepping for ‘User-Agent’.
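The same User-Agent triage can be scripted so that thousands of packets collapse into a short tally. The following is an added example, not part of the original writeup: it assumes the capture is in the classic pcap format (not pcapng), the function names are my own, and the sample capture, including the Nikto-style header value, is constructed inline.

```python
import re
import struct
from collections import Counter

# Classic pcap magics as stored on disk (microsecond and nanosecond variants).
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}
UA_RE = re.compile(rb"^User-Agent:[ \t]*([^\r\n]*)", re.I | re.M)


def iter_packets(data):
    """Yield the captured bytes of each record in a classic pcap file."""
    endian = MAGICS.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng needs another parser)")
    offset = 24  # global header size
    while offset + 16 <= len(data):
        _sec, _frac, incl_len, _orig = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        if offset + incl_len > len(data):
            break  # truncated last record
        yield data[offset:offset + incl_len]
        offset += incl_len


def user_agents(data):
    """Count each distinct User-Agent header value found in the packets."""
    counts = Counter()
    for packet in iter_packets(data):
        for match in UA_RE.finditer(packet):
            counts[match.group(1).decode("latin-1").strip()] += 1
    return counts


def build_sample():
    """Constructed capture: three bare HTTP requests, no real link-layer framing."""
    nikto = "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Port Check)"
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 147)
    for path, agent in [("/", nikto), ("/admin/", nikto), ("/", "curl/8.0.1")]:
        req = f"GET {path} HTTP/1.1\r\nHost: example.test\r\nUser-Agent: {agent}\r\n\r\n"
        out += struct.pack("<IIII", 0, 0, len(req), len(req)) + req.encode()
    return out


if __name__ == "__main__":
    for agent, hits in user_agents(build_sample()).most_common():
        print(f"{hits:5d}  {agent}")
```

To run it on a real capture, pass the file's bytes to `user_agents()`; the most frequent non-browser value is usually the scanning tool.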

Bonus info #2!

Additional resources:

https://github.com/sullo/nikto/

https://www.freecodecamp.org/news/an-introduction-to-web-server-scanning-with-nikto

https://en.wikipedia.org/wiki/Nikto_(vulnerability_scanner)

https://www.cisa.gov/resources-tools/services/nikto

I hope you enjoyed it!

Original writeup (https://medium.com/@embossdotar/ctf-writeup-downunderctf-2024-babys-first-forensics-39de2a121eb7).