[PwC] Central African Repulic - MISC150 | Ph03nix Team

Ph03nix Team

H4ck f0r fun

Home About Us
[PwC] Central African Repulic - MISC150
BlackWings

Question


PCAP FILE:
https://github.com/Ph03Nix-MrV/PwCHackaday2017/blob/master/5c7d7800965f7012b2adde87fc479d62.pcap

Follow DNS protocol and first packet have FFD8



==> Maybe this is a JPG image. Huh try to recover…

from scapy.all import *
 from libnum import *
 packets = rdpcap('5c7d7800965f7012b2adde87fc479d62.pcap')
 i=0
 s=''
 for p in packets:
   if p.haslayer(DNS):
     if p.qdcount > 0 and isinstance(p.qd, DNSQR):
       name = p.qd.qname
     elif p.ancount > 0 and isinstance(p.an, DNSRR):
       name = p.an.rdata
     else:
       continue
     if i%2==0:
      try:
       n2s(int(name.replace('.g00gle.com.',''),16))
       s+=name.replace('.g00gle.com.','')
      except:
       continue
     i+=1
 s=n2s(int(s,16))
 open('a.jpg','w').write(s)



a.jpg: https://github.com/Ph03Nix-MrV/PwCHackaday2017/blob/master/a.jpg

and this is a normal JPG but in the end I see some offset