Elizabeth Jocelyn "Jake" Feinler (born March 2, 1931) is an American information scientist. From 1972 until 1989 she was director of the Network Information Systems Center at the Stanford Research Institute (SRI International). Her group operated the Network Information Center (NIC) for the ARPANET as it evolved into the Defense Data Network (DDN) and the Internet. - Wikipedia Entry
Chal: We found this PCAP but we did not know what to name it. Return the flag to this Internet Hall of Famer
Author: Rusheel
Tags: forensics
The pcap capture delivered for this challenge is very small and contains a list of domain queries:
$ tshark -r NoName.pcap
1 0.000000 192.168.1.27 → 192.168.1.1 DNS 66 Standard query 0x0000 A 143.google.WiCys.com
2 0.000314 192.168.1.27 → 192.168.1.1 DNS 63 Standard query 0x0001 A 150.fit.WiCys.edu
3 0.000582 192.168.1.27 → 192.168.1.1 DNS 63 Standard query 0x0002 A 143.fit.WiCys.edu
4 0.000771 192.168.1.27 → 192.168.1.1 DNS 66 Standard query 0x0003 A 164.netflix.WiCys.in
5 0.000947 192.168.1.27 → 192.168.1.1 DNS 66 Standard query 0x0004 A 146.google.WiCys.com
6 0.001260 192.168.1.27 → 192.168.1.1 DNS 63 Standard query 0x0005 A
...The interesting part seems to be the subdomains which are numbers. After some trial and error the numbers turned out to be octal numbers. Converting them gives the flag:
numbers = [0o143, 0o150, 0o143, 0o164, 0o146, 0o173, 0o143, 0o162, 0o63, 0o141, 0o164, 0o60, 0o162, 0o137, 0o60, 0o146, 0o137, 0o144, 0o60, 0o155, 0o141, 0o151, 0o156, 0o137, 0o156, 0o64, 0o155, 0o63, 0o137, 0o163, 0o171, 0o163, 0o164, 0o63, 0o155, 0o175]
print("".join(chr(x) for x in numbers))Flag chctf{cr3at0r_0f_d0main_n4m3_syst3m}