Cruises are not known for their generosity. They’ll nickel-and-dime you at every opportunity. They’re out here to make money, just like us…
It is by design that the Internet on the ship is bad. It creates a bad connection for everybody, but we know that the bandwidth could be better if we could remove the throttling they put in place.
We need this for a specific reason: when the casino part of the heist happens, we want everybody on their phone, live streaming the jackpot, and thus paralyzing the network while keeping everybody distracted.
We have captured some traffic. Take a look and see if you can find anything.
Local - Download the PCAP here
I’ve done my legwork. The Internet aboard the ship has been set up by a cheap vendor, using a lot of custom services and such. Cruise ships, always needing to feel special.
Wait, D.AND.S, what an unusual name. I wonder what it means? Did you take a look at the log server to see how all of this is processed?
Oh. I just got it. Hopefully you got the pun, too.
Some data
The PCAP contains a malformed packet with the text:
Z464c41472d30383966333765633330616166663036653036643863333731656338653865643337383634313763

DNS request:
596f7543616e52656164486578
YouCanReadHex

47617262616765
Garbage

Looking at the only malformed packet in Wireshark (or another tool):
(_ws.malformed) && udp.stream eq 187
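
The decoding shown above, as an added Python example that is not part of the original writeup: it pulls hex runs out of captured strings (DNS query names, packet payload text), decodes them, and keeps only those that are printable ASCII, which is how a log review would surface data carried in hex-encoded labels. The function names, the `FLAG-` pattern and the `.example.test` names are assumptions; the first three sample strings are the ones on this page, the rest are constructed.

```python
import re

HEX_RUN = re.compile(r"[0-9a-fA-F]{8,}")      # at least 4 encoded bytes
FLAG_RE = re.compile(r"FLAG-[0-9a-f]{40}")    # assumed flag format

def decode_hex_runs(text):
    """Return the printable-ASCII decoding of every hex run in text."""
    found = []
    for run in HEX_RUN.findall(text):
        # An odd-length run has one stray nibble; try both alignments.
        candidates = [run] if len(run) % 2 == 0 else [run[:-1], run[1:]]
        for cand in candidates:
            try:
                decoded = bytes.fromhex(cand).decode("ascii")
            except ValueError:        # bytes outside ASCII: not encoded text
                continue
            if decoded.isprintable():
                found.append(decoded)
                break
    return found

def find_flags(lines):
    """Decode every line and return any flag-shaped strings found."""
    return [flag
            for line in lines
            for decoded in decode_hex_runs(line)
            for flag in FLAG_RE.findall(decoded)]

SAMPLES = [
    # Strings quoted on this page
    "Z464c41472d30383966333765633330616166663036653036643863333731656338653865643337383634313763",
    "596f7543616e52656164486578",
    "47617262616765",
    # Constructed inputs
    "596f7543616e52656164486578.d.and.s.example.test",  # hex label in a name
    "deadbeefcafe.example.test",                        # hex, but not ASCII
    "www.example.test",                                 # no hex run at all
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[:32], "->", decode_hex_runs(sample))
    print("flags:", find_flags(SAMPLES))
```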

Flag:
FLAG-089f37ec30aaff06e06d8c371ec8e8ed3786417c

Next Step:
curl -k https://[9000:d37e:c40b:3192::1]:8443/


hex encoding works
