SCSC2026 Quals - Sharkk - Forensics Writeup

Category: Forensics
File: sharkk.pcapng
Flag: scsc26{t4p1_b0on9}

Description

We are given a packet capture (.pcapng). The flag is hidden somewhere inside the captured network traffic.

Analysis

A common first step in forensics PCAP challenges is to extract printable strings and look for familiar flag patterns.

Even without Wireshark/tshark, we can still carve out the contents using strings and grep.

Solution

Extract strings and search for the flag format:

strings sharkk.pcapng | grep -oE 'scsc26\{[^}]+\}'

Output:

scsc26{t4p1_b0on9}

If you want a bit more context, you can print nearby lines:

strings -n 6 sharkk.pcapng | grep -n -C 2 -F "flag.txt"
strings -n 6 sharkk.pcapng | grep -n -C 2 "scsc26"

From the surrounding control-channel text, the capture includes an FTP transfer for flag.txt, and the flag appears directly in the payload.
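The same triage as a reusable script, added here as an example and not part of the original writeup. It goes slightly beyond the one-liner above by also catching UTF-16LE text and by listing the FTP control-channel commands that name the transferred file. The function names (find_flags, ftp_transfers, make_sample) are hypothetical and the sample bytes are constructed, not taken from sharkk.pcapng.

```shell
#!/bin/sh
# Added example, not from the original writeup. Function names are hypothetical
# and the sample bytes below are constructed, not taken from sharkk.pcapng.

# find_flags FILE PREFIX: print unique PREFIX{...} matches found in FILE.
find_flags() {
    pattern="$2\\{[^}]+\\}"
    {
        # Pass 1: raw bytes. -a reads binary as text, -o prints only the match.
        LC_ALL=C grep -aoE "$pattern" "$1" || true
        # Pass 2: delete NUL bytes so UTF-16LE text collapses to plain ASCII.
        LC_ALL=C tr -d '\000' < "$1" | LC_ALL=C grep -aoE "$pattern" || true
    } | LC_ALL=C sort -u
}

# ftp_transfers FILE: list FTP control-channel commands that move a file.
ftp_transfers() {
    LC_ALL=C grep -aoE '(RETR|STOR) [[:print:]]+' "$1" | LC_ALL=C sort -u
}

# make_sample FILE: write a constructed blob that mimics capture contents.
make_sample() {
    {
        printf '\012\015\015\012\000\000\000\034'      # binary filler
        printf 'RETR flag.txt\r\n'                     # control channel
        printf '\000\001\002150 Opening BINARY mode data connection\r\n'
        printf '\377\376scsc26{constructed_ascii}\n\000\020'   # data channel
        printf 's\000c\000s\000c\0002\0006\000{\000w\000i\000d\000e\000}\000'
    } > "$1"
}

sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
make_sample "$sample"
ftp_transfers "$sample"
find_flags "$sample" scsc26
```

This kind of search only succeeds when the flag sits contiguous and unencoded inside a single packet payload. If the transfer is compressed, encoded, or split across segments, the stream has to be reassembled first.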

https://blog.rei.my.id/posts/30/scsc2026-quals-sharkk-forensics-writeup/
Author: Reidho Satria
Published at: 2026-02-17
License: CC BY-NC-SA 4.0