Untitled

We got pcap file when extracting the file.

Untitled

Since it's day 1 challenge, strings can be used to retrieve the flags

strings -n 10 christmaswishlist.pcap

--sniff--
POST /bg.php HTTP/1.1
Host: christmaswishlist:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 267
Origin: <http://christmaswishlist:8080>
Connection: close
Referer: <http://christmaswishlist:8080/bg.php>
Upgrade-Insecure-Requests: 1
cmd=rm++%2Fvar%2Fwww%2Fhtml%2Fsites%2Fdefault%2Ffiles%2F.ht.sqlite+%26%26+echo+SFRCezBrX24wd18zdjNyeTBuM19oNHNfdDBfZHIwcF8wZmZfdGgzaXJfbDN0dDNyc180dF90aDNfcDBzdF8wZmYxYzNfNGc0MW59+%3E+%2Fdev%2Fnull+2%3E%261+%26%26+ls+-al++%2Fvar%2Fwww%2Fhtml%2Fsites%2Fdefault%2Ffiles`
HTTP/1.1 200 OK
Date: Sat, 27 Nov 2021 10:32:57 GMT
Server: Apache/2.4.25 (Debian)
X-Powered-By: PHP/7.2.3
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1148
Connection: close
Content-Type: text/html; charset=UTF-8
--sniff--

If you decode the url encoded strings from there, you will got the flag

Untitled

FLAG = HTB{0k_n0w_3v3ry0n3_h4s_t0_dr0p_0ff_th3ir_l3tt3rs_4t_th3_p0st_0ff1c3_4g41n}