picoCTF 2021 Solution - Wireshark twoo twooo two twoo...
Decoding and Cracking Flags from Pcap Files
The pcap contents show various TCP streams containing flags:
The observed flag, picoCTF{[SHA256_REDACTED]}, seems to be encoded with base 64 or hashed. Using a hash analyzer, it was determined to be SHA2-256.
Difference between SHA2-256 & SHA-256 - Basically none.
Crackstation doesn't have it in their database.
I attempted to crack the hash using both john and hashcat:
john --format=raw-sha256 -w=/usr/share/wordlists/rockyou.txt --fork=2 hash
hashcat hash -m 1400