You intercepted a phone conversation between two terrorists. Their organization targets places where large numbers of people gather. We believe they are planning the next attack soon, help us find the city where the next attack will occur.
The flag to find is the concatenation of the caller’s name, their phone number, and the target city. (If there is a space in the name or city, replace it with a hyphen “-“. Case sensitive)
ESD{John-Doe_59426587_Le-Pellerin}
Table of contents:
Given File
We are given the following pcapng file :
Analysis
By launching our file with Wiresark, we can notice as obviously a SIP exchange :
So let’s follow the UPD trafic.
Here, we can already get the two first parts of the flag: Big-J and 8005000.
Unfortunately we cannot retrieve textual information concerning the city targeted by these attackers. We can therefore lean towards the audio playback of the call.
Let’s go to Téléphonie > Appels VoIP section :
We’re now able to listen the call.
We can hear Festival du Hellfest
🚩
ESD{Big-J_8005000_Clisson}
Thanks for reading !
Mentions
Special mentions to: