-rw-r--r--chall/description1
-rw-r--r--chall/intro-forensics-2.zipbin0 -> 8989 bytes
-rw-r--r--solve/flag1
-rw-r--r--solve/intro-forensics-2.pcapngbin0 -> 34584 bytes
-rwxr-xr-xsolve/solve12
5 files changed, 14 insertions, 0 deletions
diff --git a/chall/description b/chall/description
new file mode 100644
index 0000000..9cce989
--- /dev/null
+++ b/chall/description
@@ -0,0 +1 @@
+We were able to capture a hidden service. Could you recover the secret order?
diff --git a/chall/intro-forensics-2.zip b/chall/intro-forensics-2.zip
new file mode 100644
index 0000000..37eadf0
--- /dev/null
+++ b/chall/intro-forensics-2.zip
Binary files differ
diff --git a/solve/flag b/solve/flag
new file mode 100644
index 0000000..f82fe59
--- /dev/null
+++ b/solve/flag
@@ -0,0 +1 @@
+CSCG{kn0cking_on_heavens_d000r}
diff --git a/solve/intro-forensics-2.pcapng b/solve/intro-forensics-2.pcapng
new file mode 100644
index 0000000..2c10651
--- /dev/null
+++ b/solve/intro-forensics-2.pcapng
Binary files differ
diff --git a/solve/solve b/solve/solve
new file mode 100755
index 0000000..5365871
--- /dev/null
+++ b/solve/solve
@@ -0,0 +1,12 @@
+#!/usr/bin/env python3
+
+from base64 import b64decode
+import subprocess
+import requests
+import re
+
+packet_filter = "ip.src_host == 192.168.178.21 && ip.dst_host == 45.142.177.160 && tcp.flags.syn == 1"
+cmd = f"tshark -nr intro-forensics-2.pcapng -Y '{packet_filter}' -T fields -e tcp.dstport"
+ports = subprocess.check_output(cmd, shell=True).decode().split("\n")
+ports = b"".join([int.to_bytes(int(p), 2, "big") for p in ports if p.strip() != ""])
+print(ports.decode())
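Review bot: The tshark invocation on the `cmd = f"tshark ..."` / `subprocess.check_output(cmd, shell=True)` lines builds a shell string with the display filter wrapped in single quotes, so it only works while the filter contains no quote and it goes through a shell for no benefit; pass an argv list instead, `subprocess.check_output(["tshark", "-nr", "intro-forensics-2.pcapng", "-Y", packet_filter, "-T", "fields", "-e", "tcp.dstport"])`. The imports `b64decode`, `requests` and `re` are never used, and `requests` is third-party, so the script fails on a machine without it even though it makes no network call; those three lines can be dropped. The filter `tcp.flags.syn == 1` would also match retransmitted SYNs if the capture contains any, which would duplicate two-byte groups in the decoded output, so appending `&& !tcp.analysis.retransmission` is probably worth it. A short comment above `int.to_bytes(int(p), 2, "big")` saying that each destination port carries two bytes of the message would explain the decoding step to a reader of the capture.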