Challenge Description

Someone leaked the flag over the internet.

Find the flag. Flag format CTF{sha256}

Flag proof

CTF{4fa27628dd9210775c76263c0d6bef0f86b80e3fef78c072879d639e34ba6734}

Summary

Import the given keys in Wireshark and then search for ?flag requests to get the flag.

Details

I initally followed the steps here: https://support.f5.com/csp/article/K05822509 for importing the keys given to us by the author. I then downloaded the decrypted data and searched for "CTF" (using vim), and I found requests to bit-sentinel with ?flag request. I searched for them in wireshark, and found multiple requests to bit-sentinel with the ?flag request.

http://thefewchosen.com:8080/pad/uploads/9ff1c5011632de376854b7624.png

http://thefewchosen.com:8080/pad/uploads/9ff1c5011632de376854b7623.png

There are three requests, with the parameters:

After appending them in order, we get:

CTF{4fa27628dd9210775c76263c0d6bef0f86b80e3fef78c072879d639e34ba6734}