Roten Writeup

Solved by : thewhiteh4t

• A PCAP file is given again
• Apply a filter to view only POST requests :

http.request.method=="POST"

• In one of the requests we can see a PHP file by the name galacticmap.php is uploaded

• It is a obfuscated PHP file, in its last line of code eval function is executed
• To de-obfuscate I commented out the eval and added an echo

• After running this PHP file we can get the flag :