Forensics

PreviousBinary Exploitation NextReverse Engineering

Last updated 3 years ago

Was this helpful?

Forensics

information [10 pts]

Description
Files can always be changed in a secret way. Can you find the flag? cat.jpg

Solution

Started out with looking at the image and running cat cat.jpg with no results. Then I got something with ExifTool.

putting into cyber chef the License I would get through some magic the flag.

Flag: picoCTF{the_m3tadata_1s_modified}

Matryoshka doll [30 pts]

Description
Matryoshka dolls are a set of wooden dolls of decreasing size placed one inside another. What's the final one? Image: this

Solution

One inside of another hmmm. Sounds like binwalk to me. I use the first command of binwalk -e dolls.jpeg and it returns files, which is a good sign. I go to the basic folder and binwalk -e that jpeg (2nd doll). Then the third doll. Then the fourth doll, and inside that one is something different. It is the flag. What a relief.

Flag: picoCTF{ac0072c423ee13bfc0b166af72e25b61}

tunn3l v1s10n [40 pts] [Not Solved]

Description
We found this file. Recover the flag.

Solution

By looking at the file signature, it seems we are given a BMP file. Knowing most of you are in Linux, you can't default to that image viewer. The one I would use is imageMagick to view the image. It has a fake flag and it seems there are two parts to this image. One is a negative view of an image and the other one is positive.

Flag:

Wireshark doo dooo do doo [50 pts] [Not Solved]

Description
Can you find the flag? shark1.pcapng.

Solution

Opened in Wireshark and went to Statistics -> Conversations -> TCP (It had 17 so best guess). From there I checked all the streams and of them, only 1 was readable (stream 5).

Flag:

MacroHard WeekEdge [60 pts] [Not Solved]

Description
I've hidden a flag in this file. Can you find it? Forensics is fun.pptm

Solution

Flag:

Trivial Flag Transfer Protocol [90 pts] [Not Solved]

Description
Figure out how they moved the flag.

Solution

Flag:

Wireshark twoo twooo two twoo [100 pts] [Not Solved]

Description
Can you find the flag? shark2.pcapng.

Solution

Flag:

Disk, disk, sleuth! [110 pts] [Not Solved]

Description
Use `srch_strings` from the sleuthkit and some terminal-fu to find a flag in this disk image: dds1-alpine.flag.img.gz

Solution

Flag:

Milkslap [120 pts] [Not Solved]

Description
🥛

Solution

Flag:

Disk, disk sleuth! II [130 pts] [Not Solved]

Description
All we know is the file with the flag is named `down-at-the-bottom.txt`... Disk image: dds2-alpine.flag.img.gz

Solution

Flag:

Surfing the Waves [250 pts] [Not Solved]

Description
While you're going through the FBI's servers, you stumble across their incredible taste in music. One main.wav you found is particularly interesting, see if you can find the flag!

Solution

Flag:

Very very very hidden [300 pts] [Not Solved]

Description
Finding a flag may take many steps, but if you look diligently it won't be long until you find the light at the end of the tunnel. Just remember, sometimes you find the hidden treasure, but sometimes you find only a hidden map to the treasure. try_me.pcap

Solution

Flag:

PreviousBinary Exploitation NextReverse Engineering

Last updated 3 years ago

Was this helpful?

information [10 pts]

Description
Files can always be changed in a secret way. Can you find the flag? cat.jpg

Solution

Started out with looking at the image and running cat cat.jpg with no results. Then I got something with ExifTool.

putting into cyber chef the License I would get through some magic the flag.

Flag: picoCTF{the_m3tadata_1s_modified}

Matryoshka doll [30 pts]

Description
Matryoshka dolls are a set of wooden dolls of decreasing size placed one inside another. What's the final one? Image: this

Solution

Flag: picoCTF{ac0072c423ee13bfc0b166af72e25b61}

tunn3l v1s10n [40 pts] [Not Solved]

Description
We found this file. Recover the flag.

Solution

Flag:

Wireshark doo dooo do doo [50 pts] [Not Solved]

Description
Can you find the flag? shark1.pcapng.

Solution

Opened in Wireshark and went to Statistics -> Conversations -> TCP (It had 17 so best guess). From there I checked all the streams and of them, only 1 was readable (stream 5).

Flag:

MacroHard WeekEdge [60 pts] [Not Solved]

Description
I've hidden a flag in this file. Can you find it? Forensics is fun.pptm

Solution

Flag:

Trivial Flag Transfer Protocol [90 pts] [Not Solved]

Description
Figure out how they moved the flag.

Solution

Flag:

Wireshark twoo twooo two twoo [100 pts] [Not Solved]

Description
Can you find the flag? shark2.pcapng.

Solution

Flag:

Disk, disk, sleuth! [110 pts] [Not Solved]

Description
Use `srch_strings` from the sleuthkit and some terminal-fu to find a flag in this disk image: dds1-alpine.flag.img.gz

Solution

Flag:

Milkslap [120 pts] [Not Solved]

Description
🥛

Solution

Flag:

Disk, disk sleuth! II [130 pts] [Not Solved]

Description
All we know is the file with the flag is named `down-at-the-bottom.txt`... Disk image: dds2-alpine.flag.img.gz

Solution

Flag:

Surfing the Waves [250 pts] [Not Solved]

Description
While you're going through the FBI's servers, you stumble across their incredible taste in music. One main.wav you found is particularly interesting, see if you can find the flag!

Solution

Flag:

Very very very hidden [300 pts] [Not Solved]

Description
Finding a flag may take many steps, but if you look diligently it won't be long until you find the light at the end of the tunnel. Just remember, sometimes you find the hidden treasure, but sometimes you find only a hidden map to the treasure. try_me.pcap

Solution

Flag: