MOCTF-PAWN-Question_pcap_pw_MOCSCTF2022 password:MOCSCTF2022 (your antivirus may raise alert because this pcap contain real attack traffic)
- The exfiltrated txt file name is TU9DU0NURi1QQU5XLUNPUlRFWC0yMDIy.txt, use CyberChef to decode with Base64. You will get the flag MOCSCTF-PANW-CORTEX-2022.
Two way to get the flag, either decode the file name with Base64 or content of export the txt file
TIPS: https://unit42.paloaltonetworks.com/using-wireshark-exporting-objects-from-a-pcap
