The Secret Message
First, we found that they uploaded the file via the HTTP protocol.
So, we need to export objects from the HTTP protocol in the PCAP file.
When we opened PHP files, we found some issues. Maybe PHP is not the real format.
We used a hex editor to erase some noise on the top. PK is a signature used for zip files.
and bottom also.
When we finish, it should look like this.
After that, we saved the file in the zip format and extracted it four times. Note that you can also use CyberChef.
Then we found some messages that looked like they were base64 encoded.
Bingo! After we sorted and decoded, we got the flag.
