Tags: pcap
Rating:
# ▼▼▼Missed Registration (Forensics:150)(143/1444 team=9.9%)▼▼▼
**This writeup is written by [@kazkiti_ctf](https://twitter.com/kazkiti_ctf)**
```
It's registration day! These forms just seem longer and longer...
UPDATE 10:44 Eastern: New pcap that should be a bit easier to work with.
UPDATE 2:58 Eastern: We're regenerating due to flag leaks, submissions disabled until then. Please be patient.
Update 3:31 Eastern: Updated pcap with new flag after leak. Please re-run your solutions on the file!
・cap.pcap file is given.
```
### 【Analytics】
・A lot of HTTP protocol are transmitted.
・it seems to be a **BMP file** because **the value of the x parameter** of the first request begins with **42 4d**.
### 【exploit】
Extract & combine the value of x parameter
↓
`$ strings cap.pcap | grep "x=" |sed 's/.*x=\([a-f0-9]*\).*/\1/' > test.txt`
`$ xxd -r -p test.txt test.bmp`
↓
**FLAG{3Am_LaunDR3Y_FL4G_L34kz!}**