WHAT THE HECK HAPPENED HERE? IT SEEMS THAT THE CHALLENGE HERE IS GONE? CAN YOU FIND IT? CAN YOU CHECK IF YOU CAN FIND THE BACKUP FILE FOR THIS ONE? I’M SORRY FOR MESSING UP :(
After trying common backup file extensions such as .backup, .bak, _backup… I found that the file /levelfourteen.php.old was present. After downloading it, I saw that it contained commented-out PHP source code.
* <img src="img/clippy1.jpg" class="imahe" /> <br /> <br />
<p>Do you want to download this mysterious file?</p>
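The same leak seen from the defender's side, as an added example that is not part of the original write-up: a small audit that walks a web root and flags leftover copies using the suffixes tried above. The function names, the constructed sample tree and the assumption that only .php is mapped to an interpreter are illustrative.

```python
import os
import tempfile

BACKUP_SUFFIXES = (".backup", ".bak", ".old")  # suffixes from the write-up
BACKUP_MARKERS = ("_backup",)                  # marker placed before the extension
SCRIPT_EXTS = (".php",)                        # assumption: only .php is executed

def classify(filename):
    """Return (original_name, matched_pattern) for a backup-style name, else None."""
    lower = filename.lower()
    for suf in BACKUP_SUFFIXES:
        if lower.endswith(suf) and len(lower) > len(suf):
            return filename[:-len(suf)], suf
    stem, ext = os.path.splitext(filename)
    for marker in BACKUP_MARKERS:
        if stem.lower().endswith(marker) and len(stem) > len(marker):
            return stem[:-len(marker)] + ext, marker
    return None

def audit_webroot(root):
    """Walk root and return sorted (url_path, severity) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            hit = classify(name)
            if hit is None:
                continue
            original = hit[0]
            if name.lower().endswith(SCRIPT_EXTS):
                severity = "stale-script"       # still executed, old code reachable
            elif original.lower().endswith(SCRIPT_EXTS):
                severity = "source-disclosure"  # not mapped to PHP, served as text
            else:
                severity = "stale-copy"
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            findings.append(("/" + rel.replace(os.sep, "/"), severity))
    return sorted(findings)

def demo():
    """Audit a constructed web root that mirrors the challenge layout."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("levelfourteen.php", "levelfourteen.php.old",
                    "img/clippy1.jpg", "css/site_backup.css", "index_backup.php"):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return audit_webroot(root)

if __name__ == "__main__":
    for url, severity in demo():
        print(f"{severity:18} {url}")
```

Run against a real document root with audit_webroot("/path/to/webroot"); anything reported as source-disclosure should be removed from the served tree or blocked by the server configuration.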
OK, we are dealing with another packet capture. Let’s look at the Protocol Hierarchy.
Again, just like Level 6, we see a lot of traffic from 127.0.0.1; this time it’s mostly HTTP. We know that is abnormal, so let’s extract all the HTTP objects from the whole pcap. Open Wireshark, load the pcap and select File -> Export Objects -> HTTP. Now click “Save All” and choose a new directory. This will save all files transferred via HTTP.
Browsing to the directory and opening the HoneyPY.PNG file, we see the flag.