Added Forensics Challenges

4 years ago · 3c743dd8fd
17 changed files with 301 additions and 0 deletions
--- a/Forensics/Archenemy/README.md
+++ b/Forensics/Archenemy/README.md
@ -0,0 +1,34 @@
+## Archenemy
+The main idea finding the flag is using simple Steganography techniques.
+
+#### Step-1:
+After I downloaded `arched.png`, I wasn't able to open it. So I tried simple strings, binwalk commands. But no results.
+
+#### Step-2:
+So, I went for steghide tool this time.
+
+I tried `steghide extract -sf arched.png` and with a empty passphrase and it gave me this:
+
+```
+wrote extracted data to "flag.zip".
+```
+#### Step-3:
+So, now I had `flag.zip`, which had an image `meme.jpg`, but the zip was encrypted. So I had to use tool of that.
+
+```
+$ zipCracker/zipcracker.py -f flag.zip -w /usr/share/wordlists/rockyou.txt 
+    3638 / 14344394 |   0.00% -> masones1lndg456ce
+
+Password cracked: kathmandu
+
+Took 2.379971 seconds to crack the password. That is, 1529 attempts per second.
+```
+
+#### Step-4:
+Voila! We finally have `meme.jpg` which contains flag.
+
+<img src="meme.jpg">
+
+#### Step-5:
+Finally the flag becomes:
+`csictf{1_h0pe_y0u_don't_s33_m3_here}`
--- a/Forensics/Archenemy/arched.png
+++ b/Forensics/Archenemy/arched.png
--- a/Forensics/Archenemy/flag.zip
+++ b/Forensics/Archenemy/flag.zip
--- a/Forensics/Archenemy/meme.jpg
+++ b/Forensics/Archenemy/meme.jpg
--- a/Forensics/Gradient
+++ b/Forensics/Gradient
@ -0,0 +1,113 @@
+## Gradient Sky
+The main idea finding the flag is using simple Steganography techniques.
+
+#### Step-1:
+After I downloaded `sky.jpg`, I tried simple `strings sky.jpg | grep {`
+
+<img src="sky.jpg">
+
+```
+n"l`{
+X#,{c#
+<{{!g6
+{}qv
+R{Guv
+9Cs{c=
+f{_(
+2;{PG<
+oH{iy$
+0{Tn
+q{dv
+{=Zw
+=||^{r
+75ub{
+|AcV{
+;?{O
+`58{
+M{>ww
+ET{vz
+{tL=['
+r{;M
+{z_|
+Ezv{M
+ef^{
+{NxTy
+'{w'=\W
+;\&\{
+yv{O
+nyui{
+{.,}
+.{M.
+h)+{8
+={,^
+L,QaQDX{
+X{{V
+fty{/
+xr{4<
+]{>{
+x8]{
+c&A{
+={-^/
+-iQuG-S{
+6{)s
+7{oi
+w'u{
+,:({
+ly={=/.
+{V<7,
+qv{]:
+z={m
+v{M:v
+/@j{
+{Yowk
+M{65
+{]:uc
+M[\{
+yv{M:
+f_UQ{
+m{G/
+W.q{
+E{4;G-
+{63(
+][-z{
+?f{F
+<{\u
+=+:{^
+w={<=x
+xVP{
+Z8<{;
+;}z{
+?-{>
+?9{6
+Vy={>
+o.{[
+{~zru
+{9E~
+m?Oi{
+.{]}
+:zP{
+zv{=:
+ k-tb{
+o{tl
+{=3{
+?p{{,
+v{<k
+6{[3
+S{25
+y{_f
+DX}L{
+Y%O{
+sz/{S
+{]Sv
+m6{=
+v[M{;
+{Vf?
+%zv{lLPg
+x'{O
+csictf{j0ker_w4snt_happy}
+```
+Voila! There we have our flag.
+
+#### Step-2:
+Finally the flag becomes:
+`csictf{j0ker_w4snt_happy}`
--- a/Forensics/Gradient
+++ b/Forensics/Gradient
--- a/Forensics/Panda/README.md
+++ b/Forensics/Panda/README.md
@ -0,0 +1,28 @@
+## Panda
+The main idea finding the flag is using zip2john.
+
+#### Step-1:
+After I downloaded `panda.zip`, I got 2 files in it, `panda.jpg` & `panda1.jpg`.
+
+#### Step-2:
+It was encrypted. So I used `zip2john` tool to crack the zip.
+
+```bash
+zip2john panda.zip > hash.txt
+john.exe --wordlist=real_human hash.txt
+```
+<img src="panda.jpg">
+
+<img src="panda1.jpg">
+
+#### Step-3:
+
+This simple `flag.py` python script helps us to get the flag.
+
+```python
+print(''.join([chr(i) for i, j in zip(open('panda1.jpg', 'rb').read(), open('panda.jpg', 'rb').read()) if i!= j]))
+```
+
+#### Step-4:
+Finally the flag becomes:
+`csictf{kung_fu_p4nd4}`
--- a/Forensics/Panda/flag.py
+++ b/Forensics/Panda/flag.py
@ -0,0 +1 @@
+print(''.join([chr(i) for i, j in zip(open('panda1.jpg', 'rb').read(), open('panda.jpg', 'rb').read()) if i!= j]))
--- a/Forensics/Panda/panda.jpg
+++ b/Forensics/Panda/panda.jpg
--- a/Forensics/Panda/panda.zip
+++ b/Forensics/Panda/panda.zip
--- a/Forensics/Panda/panda1.jpg
+++ b/Forensics/Panda/panda1.jpg
--- a/Forensics/unseen/Flag.png
+++ b/Forensics/unseen/Flag.png
--- a/Forensics/unseen/Morse_Decode.png
+++ b/Forensics/unseen/Morse_Decode.png
--- a/Forensics/unseen/README.md
+++ b/Forensics/unseen/README.md
@ -0,0 +1,36 @@
+## unseen
+The main idea finding the flag is using LSB bit and steghide tools.
+
+#### Step-1:
+After I downloaded `nyc.png` & `morse.wav`, I tried basic `binwalk` and `strings`, but obviously it didn't work.
+
+<img src="nyc.png">
+
+#### Step-2:
+I tried to decode `morse.wav` online [here](https://morsecode.world/international/decoder/audio-decoder-adaptive.html).
+
+<img src="Morse_Decode.png">
+
+#### Step-3:
+
+This message gave me idea that I have to search further in image only. Using the LSB hint from the description, I found the string `42845193` at 1-bit LSB.
+
+#### Step-4:
+Using Steghide tool, I tried to extract data from the `morse.wav` by command `steghide extract -sf morse.wav`
+Passphrase was `42845193`
+
+It gave me this output:
+
+```
+wrote extracted data to "flag.txt".
+```
+#### Step-5:
+Something to work on. So when I opened `flag.txt`. It was blank with space, tabs and newline. So I tried to decode that using Whitespace Decoder at : https://vii5ard.github.io/whitespace/
+
+<img src="Flag.png">
+
+Voila! I had the flag there.
+
+#### Step-6:
+Finally the flag becomes:
+`csictf{7h47_15_h0w_y0u_c4n_83c0m3_1nv151813}`
--- a/Forensics/unseen/flag.txt
+++ b/Forensics/unseen/flag.txt
@ -0,0 +1,89 @@
+   		   		
+	
+     			  		
+	
+     		 	  	
+	
+     		   		
+	
+     			 	  
+	
+     		  		 
+	
+     				 		
+	
+      		 			
+	
+     		 	   
+	
+      		 	  
+	
+      		 			
+	
+     	 					
+	
+      		   	
+	
+      		 	 	
+	
+     	 					
+	
+     		 	   
+	
+      		    
+	
+     			 			
+	
+     	 					
+	
+      				  	
+	
+      		    
+	
+     			 	 	
+	
+     	 					
+	
+     		   		
+	
+      		 	  
+	
+     		 			 
+	
+     	 					
+	
+      			   
+	
+      		  		
+	
+     		   		
+	
+      		    
+	
+     		 		 	
+	
+      		  		
+	
+     	 					
+	
+      		   	
+	
+     		 			 
+	
+     			 		 
+	
+      		   	
+	
+      		 	 	
+	
+      		   	
+	
+      			   
+	
+      		   	
+	
+      		  		
+	
+     					 	
+	
+  
--- a/Forensics/unseen/morse.wav
+++ b/Forensics/unseen/morse.wav
--- a/Forensics/unseen/nyc.png
+++ b/Forensics/unseen/nyc.png
			`@ -0,0 +1 @@`
			`print(''.join([chr(i) for i, j in zip(open('panda1.jpg', 'rb').read(), open('panda.jpg', 'rb').read()) if i!= j]))`