The Great Escape - part 1

Challenge

Hello,

We've been suspecting Swiss Secure Cloud of secretly doing some pretty advanced research in artificial intelligence and this has recently been confirmed by the fact that one of their AIs seems to have escaped from their premises and has gone rogue. We have no idea whether this poses a threat or not and we need you to investigate what is going on.

Luckily, we have a spy inside SSC and they were able to intercept some communications over the past week when the breach occurred. Maybe you can find some information related to the breach and recover the rogue AI.

X

Note: All the information you need to solve the 3 parts of this challenge is in the pcap. Once you find the exploit for a given part, you should be able to find the corresponding flag and move on to the next part.

Solution

Loading up the pcap file in Wireshark shows a bunch of TCP communication along with a few interesting sections of data. The first thing that stuck out was an email sent by [email protected].

[Image: Mail]

Ultimately, though, the key to solving this part of the challenge was found in an FTP exchange in which the user bob logged in and uploaded a file, ssc.key:

[Image: Ftp Data]

ssc.key turns out to be an RSA key that can be used to decrypt the TLS traffic.

[Image: RSA Key]

Wireshark allows for decryption of TLS traffic. Insert ssc.key in Edit -> Preferences -> SSL Decryption

After digging through some of the now-decrypted TLS traffic I found the flag hiding in plain sight in an HTTP header.

[Image: Flag]