Forensics

information [10 pts]

Description

Files can always be changed in a secret way. Can you find the flag? cat.jpg

Solution

Started out with looking at the image and running cat cat.jpg with no results. Then I got something with ExifTool.

putting into cyber chef the License I would get through some magic the flag.

Flag: picoCTF{the_m3tadata_1s_modified}

Matryoshka doll [30 pts]

Description

Matryoshka dolls are a set of wooden dolls of decreasing size placed one inside another. What's the final one? Image: this

Solution

One inside of another hmmm. Sounds like binwalk to me. I use the first command of binwalk -e dolls.jpeg and it returns files, which is a good sign. I go to the basic folder and binwalk -e that jpeg (2nd doll). Then the third doll. Then the fourth doll, and inside that one is something different. It is the flag. What a relief.

Flag: picoCTF{ac0072c423ee13bfc0b166af72e25b61}

tunn3l v1s10n [40 pts] [Not Solved]

Description

We found this file. Recover the flag.

Solution

By looking at the file signature, it seems we are given a BMP file. Knowing most of you are in Linux, you can't default to that image viewer. The one I would use is imageMagick to view the image. It has a fake flag and it seems there are two parts to this image. One is a negative view of an image and the other one is positive.

Flag:

Wireshark doo dooo do doo [50 pts] [Not Solved]

Description

Can you find the flag? shark1.pcapng.

Solution

Opened in Wireshark and went to Statistics -> Conversations -> TCP (It had 17 so best guess). From there I checked all the streams and of them, only 1 was readable (stream 5).

Flag:

MacroHard WeekEdge [60 pts] [Not Solved]

Description

I've hidden a flag in this file. Can you find it? Forensics is fun.pptm

Solution

a

Flag:

Trivial Flag Transfer Protocol [90 pts] [Not Solved]

Description

Figure out how they moved the flag.

Solution

a

Flag:

Wireshark twoo twooo two twoo [100 pts] [Not Solved]

Description

Can you find the flag? shark2.pcapng.

Solution

a

Flag:

Disk, disk, sleuth! [110 pts] [Not Solved]

Description

Use `srch_strings` from the sleuthkit and some terminal-fu to find a flag in this disk image: dds1-alpine.flag.img.gz

Solution

a

Flag:

Milkslap [120 pts] [Not Solved]

Description

🥛

Solution

a

Flag:

Disk, disk sleuth! II [130 pts] [Not Solved]

Description

All we know is the file with the flag is named `down-at-the-bottom.txt`... Disk image: dds2-alpine.flag.img.gz

Solution

a

Flag:

Surfing the Waves [250 pts] [Not Solved]

Description

While you're going through the FBI's servers, you stumble across their incredible taste in music. One main.wav you found is particularly interesting, see if you can find the flag!

Solution

a

Flag:

Very very very hidden [300 pts] [Not Solved]

Description

Finding a flag may take many steps, but if you look diligently it won't be long until you find the light at the end of the tunnel. Just remember, sometimes you find the hidden treasure, but sometimes you find only a hidden map to the treasure. try_me.pcap

Solution

a

Flag: