@ -0,0 +1,34 @@ |
|||
## Archenemy |
|||
The main idea finding the flag is using simple Steganography techniques. |
|||
|
|||
#### Step-1: |
|||
After I downloaded `arched.png`, I wasn't able to open it. So I tried simple strings, binwalk commands. But no results. |
|||
|
|||
#### Step-2: |
|||
So, I went for steghide tool this time. |
|||
|
|||
I tried `steghide extract -sf arched.png` and with a empty passphrase and it gave me this: |
|||
|
|||
``` |
|||
wrote extracted data to "flag.zip". |
|||
``` |
|||
#### Step-3: |
|||
So, now I had `flag.zip`, which had an image `meme.jpg`, but the zip was encrypted. So I had to use tool of that. |
|||
|
|||
``` |
|||
$ zipCracker/zipcracker.py -f flag.zip -w /usr/share/wordlists/rockyou.txt |
|||
3638 / 14344394 | 0.00% -> masones1lndg456ce |
|||
|
|||
Password cracked: kathmandu |
|||
|
|||
Took 2.379971 seconds to crack the password. That is, 1529 attempts per second. |
|||
``` |
|||
|
|||
#### Step-4: |
|||
Voila! We finally have `meme.jpg` which contains flag. |
|||
|
|||
<img src="meme.jpg"> |
|||
|
|||
#### Step-5: |
|||
Finally the flag becomes: |
|||
`csictf{1_h0pe_y0u_don't_s33_m3_here}` |
After Width: | Height: | Size: 519 KiB |
After Width: | Height: | Size: 27 KiB |
@ -0,0 +1,113 @@ |
|||
## Gradient Sky |
|||
The main idea finding the flag is using simple Steganography techniques. |
|||
|
|||
#### Step-1: |
|||
After I downloaded `sky.jpg`, I tried simple `strings sky.jpg | grep {` |
|||
|
|||
<img src="sky.jpg"> |
|||
|
|||
``` |
|||
n"l`{ |
|||
X#,{c# |
|||
<{{!g6 |
|||
{}qv |
|||
R{Guv |
|||
9Cs{c= |
|||
f{_( |
|||
2;{PG< |
|||
oH{iy$ |
|||
0{Tn |
|||
q{dv |
|||
{=Zw |
|||
=||^{r |
|||
75ub{ |
|||
|AcV{ |
|||
;?{O |
|||
`58{ |
|||
M{>ww |
|||
ET{vz |
|||
{tL=[' |
|||
r{;M |
|||
{z_| |
|||
Ezv{M |
|||
ef^{ |
|||
{NxTy |
|||
'{w'=\W |
|||
;\&\{ |
|||
yv{O |
|||
nyui{ |
|||
{.,} |
|||
.{M. |
|||
h)+{8 |
|||
={,^ |
|||
L,QaQDX{ |
|||
X{{V |
|||
fty{/ |
|||
xr{4< |
|||
]{>{ |
|||
x8]{ |
|||
c&A{ |
|||
={-^/ |
|||
-iQuG-S{ |
|||
6{)s |
|||
7{oi |
|||
w'u{ |
|||
,:({ |
|||
ly={=/. |
|||
{V<7, |
|||
qv{]: |
|||
z={m |
|||
v{M:v |
|||
/@j{ |
|||
{Yowk |
|||
M{65 |
|||
{]:uc |
|||
M[\{ |
|||
yv{M: |
|||
f_UQ{ |
|||
m{G/ |
|||
W.q{ |
|||
E{4;G- |
|||
{63( |
|||
][-z{ |
|||
?f{F |
|||
<{\u |
|||
=+:{^ |
|||
w={<=x |
|||
xVP{ |
|||
Z8<{; |
|||
;}z{ |
|||
?-{> |
|||
?9{6 |
|||
Vy={> |
|||
o.{[ |
|||
{~zru |
|||
{9E~ |
|||
m?Oi{ |
|||
.{]} |
|||
:zP{ |
|||
zv{=: |
|||
k-tb{ |
|||
o{tl |
|||
{=3{ |
|||
?p{{, |
|||
v{<k |
|||
6{[3 |
|||
S{25 |
|||
y{_f |
|||
DX}L{ |
|||
Y%O{ |
|||
sz/{S |
|||
{]Sv |
|||
m6{= |
|||
v[M{; |
|||
{Vf? |
|||
%zv{lLPg |
|||
x'{O |
|||
csictf{j0ker_w4snt_happy} |
|||
``` |
|||
Voila! There we have our flag. |
|||
|
|||
#### Step-2: |
|||
Finally the flag becomes: |
|||
`csictf{j0ker_w4snt_happy}` |
After Width: | Height: | Size: 288 KiB |
@ -0,0 +1,28 @@ |
|||
## Panda |
|||
The main idea finding the flag is using zip2john. |
|||
|
|||
#### Step-1: |
|||
After I downloaded `panda.zip`, I got 2 files in it, `panda.jpg` & `panda1.jpg`. |
|||
|
|||
#### Step-2: |
|||
It was encrypted. So I used `zip2john` tool to crack the zip. |
|||
|
|||
```bash |
|||
zip2john panda.zip > hash.txt |
|||
john.exe --wordlist=real_human hash.txt |
|||
``` |
|||
<img src="panda.jpg"> |
|||
|
|||
<img src="panda1.jpg"> |
|||
|
|||
#### Step-3: |
|||
|
|||
This simple `flag.py` python script helps us to get the flag. |
|||
|
|||
```python |
|||
print(''.join([chr(i) for i, j in zip(open('panda1.jpg', 'rb').read(), open('panda.jpg', 'rb').read()) if i!= j])) |
|||
``` |
|||
|
|||
#### Step-4: |
|||
Finally the flag becomes: |
|||
`csictf{kung_fu_p4nd4}` |
@ -0,0 +1 @@ |
|||
print(''.join([chr(i) for i, j in zip(open('panda1.jpg', 'rb').read(), open('panda.jpg', 'rb').read()) if i!= j])) |
After Width: | Height: | Size: 76 KiB |
After Width: | Height: | Size: 76 KiB |
After Width: | Height: | Size: 110 KiB |
After Width: | Height: | Size: 44 KiB |
@ -0,0 +1,36 @@ |
|||
## unseen |
|||
The main idea finding the flag is using LSB bit and steghide tools. |
|||
|
|||
#### Step-1: |
|||
After I downloaded `nyc.png` & `morse.wav`, I tried basic `binwalk` and `strings`, but obviously it didn't work. |
|||
|
|||
<img src="nyc.png"> |
|||
|
|||
#### Step-2: |
|||
I tried to decode `morse.wav` online [here](https://morsecode.world/international/decoder/audio-decoder-adaptive.html). |
|||
|
|||
<img src="Morse_Decode.png"> |
|||
|
|||
#### Step-3: |
|||
|
|||
This message gave me idea that I have to search further in image only. Using the LSB hint from the description, I found the string `42845193` at 1-bit LSB. |
|||
|
|||
#### Step-4: |
|||
Using Steghide tool, I tried to extract data from the `morse.wav` by command `steghide extract -sf morse.wav` |
|||
Passphrase was `42845193` |
|||
|
|||
It gave me this output: |
|||
|
|||
``` |
|||
wrote extracted data to "flag.txt". |
|||
``` |
|||
#### Step-5: |
|||
Something to work on. So when I opened `flag.txt`. It was blank with space, tabs and newline. So I tried to decode that using Whitespace Decoder at : https://vii5ard.github.io/whitespace/ |
|||
|
|||
<img src="Flag.png"> |
|||
|
|||
Voila! I had the flag there. |
|||
|
|||
#### Step-6: |
|||
Finally the flag becomes: |
|||
`csictf{7h47_15_h0w_y0u_c4n_83c0m3_1nv151813}` |
@ -0,0 +1,89 @@ |
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|||
|
After Width: | Height: | Size: 1.7 MiB |