The Silent Exfiltration - Solve CTF Challenge

Using Wireshark to analyze

I found that this pcap file captured mostly TCP and HTTP traffic, so I filtered on the HTTP protocol only and found some very interesting traffic.

53144   114.784612  192.168.163.137 192.168.163.160 HTTP    210 GET /admin/flag.zip HTTP/1.1 
53147   114.785856  192.168.163.160 192.168.163.137 HTTP    285 HTTP/1.0 200 OK  (application/zip)

Exporting the packet bytes gives me flag.zip, but it is password protected, so I have to find the password inside this pcap file.

➜  The Silent Exfiltration: 7z l flag.zip

7-Zip 25.01 (x64) : Copyright (c) 1999-2025 Igor Pavlov : 2025-08-03
 64-bit locale=C.UTF-8 Threads:8 OPEN_MAX:1024, ASM

Scanning the drive for archives:
1 file, 219 bytes (1 KiB)

Listing archive: flag.zip

--
Path = flag.zip
Type = zip
Physical Size = 219

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------------
2026-02-03 15:14:37 .....           27           47  flag.txt
------------------- ----- ------------ ------------  ------------------------
2026-02-03 15:14:37                 27           47  1 files
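
The listing above works without the password because ZIP entry encryption covers the file data while the central directory (names, sizes, flags) stays readable. The following is an added example, not part of the original write-up: it splits an exported HTTP response into headers and body and reports which ZIP entries carry the encryption flag. The function names and the sample response are constructed for illustration; the sample only has the flag bit set by hand and its data is not actually encrypted.

```python
import io
import zipfile

def split_http_response(raw: bytes):
    """Split a reassembled HTTP response into (status line, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status, *lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def triage_zip(body: bytes):
    """List entries from the central directory; no password is needed.

    Bit 0 of an entry's general-purpose flags marks its data as encrypted.
    """
    if not body.startswith(b"PK\x03\x04"):
        raise ValueError("body does not start with a ZIP local file header")
    with zipfile.ZipFile(io.BytesIO(body)) as zf:
        return [
            {"name": i.filename, "size": i.file_size,
             "compressed": i.compress_size,
             "encrypted": bool(i.flag_bits & 0x1)}
            for i in zf.infolist()
        ]

def constructed_response(flag_encrypted: bool = True) -> bytes:
    """Constructed sample: an HTTP response carrying a small stored ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("flag.txt", b"constructed placeholder data")
    z = bytearray(buf.getvalue())
    if flag_encrypted:
        z[6] |= 0x01                          # flags in the local file header
        z[z.find(b"PK\x01\x02") + 8] |= 0x01  # flags in the central directory
    header = b"HTTP/1.0 200 OK\r\nContent-Type: application/zip\r\n\r\n"
    return header + bytes(z)

if __name__ == "__main__":
    status, headers, body = split_http_response(constructed_response())
    print(status, headers.get("content-type"))
    for entry in triage_zip(body):
        print(entry)
```
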

51985   77.435278   192.168.163.160 192.168.163.137 HTTP    273 HTTP/1.0 200 OK 

I checked the data of this traffic and found the message: The secret zip hash that I should delete: e85a3b267e94f3721117fc7ac54fbeba

I checked the hash online and the result is: e85a3b267e94f3721117fc7ac54fbeba:Letmein!

So the password of the zip file is: Letmein!

The flag is: FIA{cy83r_k1ll_ch41n_huh?}