import struct def parse_pcap(filename): """Parse PCAP file and return packet data""" with open(filename, 'rb') as f: # Skip global header (24 bytes) f.read(24) packets = [] packet_num = 1 while True: # Read packet header (16 bytes) packet_header = f.read(16) if len(packet_header) < 16: break # Parse packet header ts_sec, ts_usec, incl_len, orig_len = struct.unpack('IIII', packet_header) # Read packet data packet_data = f.read(incl_len) if len(packet_data) < incl_len: break packets.append({ 'num': packet_num, 'data': packet_data, 'length': incl_len }) packet_num += 1 return packets def extract_flag(packets): """Extract flag from last bytes of packets""" message_chars = [] print(f"Total packets: {len(packets)}\n") print("Extracting last byte from each packet:\n") print("Packet# | Last Byte (hex) | ASCII | Printable") print("-" * 60) for pkt in packets: if len(pkt['data']) > 0: last_byte = pkt['data'][-1] is_printable = 32 <= last_byte <= 126 # Print analysis for first 50 packets if pkt['num'] <= 50: ascii_char = chr(last_byte) if is_printable else '.' print(f"{pkt['num']:6d} | 0x{last_byte:02x} | {ascii_char:5s} | {is_printable}") # Collect printable characters if is_printable: message_chars.append((pkt['num'], chr(last_byte))) # Build the message message = ''.join([char for _, char in message_chars]) print("\n" + "=" * 60) print("EXTRACTED MESSAGE:") print("=" * 60) print(f"\nPrintable characters found in packets: {[num for num, _ in message_chars]}") print(f"\nFull message: {message}") # Look for flag pattern if 'HTB{' in message: start = message.index('HTB{') end = message.index('}', start) + 1 flag = message[start:end] print(f"\n🚩 FLAG FOUND: {flag}") else: print("\n⚠️ No HTB{...} pattern found in message") return message if __name__ == "__main__": pcap_file = "sniffed.pcap" try: print(f"Parsing {pcap_file}...\n") packets = parse_pcap(pcap_file) message = extract_flag(packets) except FileNotFoundError: print(f"Error: {pcap_file} not found!") except Exception as e: print(f"Error: {e}")