PicoCTF_2017: Special Agent User

Category: Forensics Points: 50 Description:

We can get into the Administrator's computer with a browser exploit. But first, we need to figure out what browser they're using. Perhaps this information is located in a network packet capture we took: data.pcap. Enter the browser and version as "BrowserName BrowserVersion". NOTE: We're just looking for up to 3 levels of subversions for the browser version (ie. Version 1.2.3 for Version and ignore any 0th subversions (ie. 1.2 for 1.2.0)


Where can we find information on the browser in networking data? Maybe try reading up on user-agent strings.


Looking in packet #93, we find the User-Agent(I get the reference)

Mozilla/5.0 (X11; OpenBSD i386) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36

Attempting to pass Mozilla 5.0, Safari 537.37 results as invalid flag but Chrome 36.0.1985 results in the correct flag.

Therefore, the flag is Chrome 36.0.1985.