MasterWard Profile
  • Introduction
  • Media Links
  • Resume
  • HackThebox Notes
    • RedPanda
    • Metatwo
  • CTF Contest Writeups
    • 2017
      • Takoma Park CTF
      • TUCTF 2017
      • HITCON CTF 2017 Quals
      • CSAW CTF Qualification Round 2017
      • SEC-T CTF
      • Backdoor CTF 2017
      • Hack Dat Kiwi 2017
      • Kaspersky 2017
      • Hack.lu 2017
      • HackCon 2017
      • Defcamp 2017
      • Square CTF 2017
      • Mitre 2017
      • EKOPARTY CTF 2017
    • 2018
      • SEC-T CTF
      • Hackcon 2018
      • EasyCTF IV 2018
      • DefCamp CTF Qualifiers
      • PACTF 2018
      • CSAW CTF Qualifiers 2018
      • PicoCTF 2018
    • 2019
      • Newark Academy CTF 2019
      • Crypto CTF 2019
      • PicoCTF 2019
        • General Skills
        • Binary Exploitations
        • Forensics
        • Reverse Engineering
        • Cryptography
        • Web Exploitation
      • TAMUctf 19
    • 2021
      • picoCTF 2021
        • General Skills
        • Binary Exploitation
        • Forensics
        • Reverse Engineering
        • Cryptography
        • Web Exploitation
      • HackiHoli
      • S.H.E.L.L CTF
      • DawgCTF 2021
      • TCTF 2021
      • RedPwnCTF 2021
      • IJCTF 2021
      • UIUCTF 2021
      • Really Awesome CTF 2021
      • TMUCTF 2021
      • CSAW Qualifiers 2021
      • Pbjar CTF 2021
      • Deadface CTF 2021
    • 2022
      • NahamCon CTF 2022
      • BYUCTF 2022
      • DEF CON Qualifiers 2022
    • Useful Code
  • Software
    • Video Standardization and Compression
    • TOBIAS
    • Tracking Phone
    • Image Compression
    • Do Not Call Database
    • Color Blind Simulator
    • Gmail Unsubscriber
    • MP4 to GIF Converter
    • Optical Character Reading
    • Soft Jobs
    • OBD Project
    • Online Movie Finder
    • Work In Progress
      • Incremental Backup
      • Web Scraper - Wallpaper Edition
      • Web Blocker
      • File Manipulator
      • AppFiller
      • Cyber Security Projects
      • Bsaber AI
    • Ideas
      • CAN Programming
      • Malicious Programs
      • Remove Yourself from the Internet
      • DNA Classic
      • Auto Clicker
      • Adding Depth to a Video
      • Collage Mosaic Generator
      • Game Destroyer
      • Hearing aid Technology
      • Sign Language Recognition
      • Text Summarizer
      • Video to audio to text
      • Video Object Detection
      • VR demonstration
      • More Ideas to Elaborate on
    • Failure
      • Police Camera Radar
      • Already Created
      • Google Maps Game
      • Car price prediction
      • Bullshit Detector
      • Automated Code writter
      • Career Prediction
      • Samsung Remote Control Hack
      • Invalid Finder
      • PiHole Regex Filter
      • Group Archiver
  • Additional Articles
    • Cleaning Up a Computer Tricks
    • Getting started in Cyber Security
    • Speeding Up Your Internet
    • College Experience
    • Currently Writting
      • Reverse Engineering Notes
      • Bug Bounty Guide and Examples
      • OSCP help
      • Job Experience
      • Professional Job-Hunting Experience
Powered by GitBook
On this page
  • information [10 pts]
  • Matryoshka doll [30 pts]
  • tunn3l v1s10n [40 pts] [Not Solved]
  • Wireshark doo dooo do doo [50 pts] [Not Solved]
  • MacroHard WeekEdge [60 pts] [Not Solved]
  • Trivial Flag Transfer Protocol [90 pts] [Not Solved]
  • Wireshark twoo twooo two twoo [100 pts] [Not Solved]
  • Disk, disk, sleuth! [110 pts] [Not Solved]
  • Milkslap [120 pts] [Not Solved]
  • Disk, disk sleuth! II [130 pts] [Not Solved]
  • Surfing the Waves [250 pts] [Not Solved]
  • Very very very hidden [300 pts] [Not Solved]

Was this helpful?

  1. CTF Contest Writeups
  2. 2021
  3. picoCTF 2021

Forensics

PreviousBinary ExploitationNextReverse Engineering

Last updated 3 years ago

Was this helpful?

information [10 pts]

Description

Files can always be changed in a secret way. Can you find the flag? cat.jpg

Solution

Started out with looking at the image and running cat cat.jpg with no results. Then I got something with ExifTool.

putting into cyber chef the License I would get through some magic the flag.

Flag: picoCTF{the_m3tadata_1s_modified}

Matryoshka doll [30 pts]

Description

Matryoshka dolls are a set of wooden dolls of decreasing size placed one inside another. What's the final one? Image: this

Solution

One inside of another hmmm. Sounds like binwalk to me. I use the first command of binwalk -e dolls.jpeg and it returns files, which is a good sign. I go to the basic folder and binwalk -e that jpeg (2nd doll). Then the third doll. Then the fourth doll, and inside that one is something different. It is the flag. What a relief.

Flag: picoCTF{ac0072c423ee13bfc0b166af72e25b61}

tunn3l v1s10n [40 pts] [Not Solved]

Description

We found this file. Recover the flag.

Solution

By looking at the file signature, it seems we are given a BMP file. Knowing most of you are in Linux, you can't default to that image viewer. The one I would use is imageMagick to view the image. It has a fake flag and it seems there are two parts to this image. One is a negative view of an image and the other one is positive.

Flag:

Wireshark doo dooo do doo [50 pts] [Not Solved]

Description

Can you find the flag? shark1.pcapng.

Solution

Opened in Wireshark and went to Statistics -> Conversations -> TCP (It had 17 so best guess). From there I checked all the streams and of them, only 1 was readable (stream 5).

Flag:

MacroHard WeekEdge [60 pts] [Not Solved]

Description

I've hidden a flag in this file. Can you find it? Forensics is fun.pptm

Solution

a

Flag:

Trivial Flag Transfer Protocol [90 pts] [Not Solved]

Description

Figure out how they moved the flag.

Solution

a

Flag:

Wireshark twoo twooo two twoo [100 pts] [Not Solved]

Description

Can you find the flag? shark2.pcapng.

Solution

a

Flag:

Disk, disk, sleuth! [110 pts] [Not Solved]

Description

Use `srch_strings` from the sleuthkit and some terminal-fu to find a flag in this disk image: dds1-alpine.flag.img.gz

Solution

a

Flag:

Milkslap [120 pts] [Not Solved]

Description

🥛

Solution

a

Flag:

Disk, disk sleuth! II [130 pts] [Not Solved]

Description

All we know is the file with the flag is named `down-at-the-bottom.txt`... Disk image: dds2-alpine.flag.img.gz

Solution

a

Flag:

Surfing the Waves [250 pts] [Not Solved]

Description

While you're going through the FBI's servers, you stumble across their incredible taste in music. One main.wav you found is particularly interesting, see if you can find the flag!

Solution

a

Flag:

Very very very hidden [300 pts] [Not Solved]

Description

Finding a flag may take many steps, but if you look diligently it won't be long until you find the light at the end of the tunnel. Just remember, sometimes you find the hidden treasure, but sometimes you find only a hidden map to the treasure. try_me.pcap

Solution

a

Flag: