Added Forensics Challenges

2020-07-31 18:21:16 +05:30 · 2020-07-31 18:21:16 +05:30 · 3c743dd8fd
parent dde493c336
commit 3c743dd8fd
17 changed files with 301 additions and 0 deletions
--- a/Forensics/Archenemy/README.md
+++ b/Forensics/Archenemy/README.md
@ -0,0 +1,34 @@
 ## Archenemy
 The main idea finding the flag is using simple Steganography techniques.
 #### Step-1:
 After I downloaded `arched.png`, I wasn't able to open it. So I tried simple strings, binwalk commands. But no results.
 #### Step-2:
 So, I went for steghide tool this time.
 I tried `steghide extract -sf arched.png` and with a empty passphrase and it gave me this:
 ```
 wrote extracted data to "flag.zip".
 ```
 #### Step-3:
 So, now I had `flag.zip`, which had an image `meme.jpg`, but the zip was encrypted. So I had to use tool of that.
 ```
 $ zipCracker/zipcracker.py -f flag.zip -w /usr/share/wordlists/rockyou.txt 
    3638 / 14344394 |   0.00% -> masones1lndg456ce
 Password cracked: kathmandu
 Took 2.379971 seconds to crack the password. That is, 1529 attempts per second.
 ```
 #### Step-4:
 Voila! We finally have `meme.jpg` which contains flag.
 <img src="meme.jpg">
 #### Step-5:
 Finally the flag becomes:
 `csictf{1_h0pe_y0u_don't_s33_m3_here}`
--- a/Forensics/Archenemy/arched.png
+++ b/Forensics/Archenemy/arched.png
--- a/Forensics/Archenemy/flag.zip
+++ b/Forensics/Archenemy/flag.zip
--- a/Forensics/Archenemy/meme.jpg
+++ b/Forensics/Archenemy/meme.jpg
--- a/Forensics/Gradient
+++ b/Forensics/Gradient
@ -0,0 +1,113 @@
 ## Gradient Sky
 The main idea finding the flag is using simple Steganography techniques.
 #### Step-1:
 After I downloaded `sky.jpg`, I tried simple `strings sky.jpg | grep {`
 <img src="sky.jpg">
 ```
 n"l`{
 X#,{c#
 <{{!g6
 {}qv
 R{Guv
 9Cs{c=
 f{_(
 2;{PG<
 oH{iy$
 0{Tn
 q{dv
 {=Zw
 =||^{r
 75ub{
 |AcV{
 ;?{O
 `58{
 M{>ww
 ET{vz
 {tL=['
 r{;M
 {z_|
 Ezv{M
 ef^{
 {NxTy
 '{w'=\W
 ;\&\{
 yv{O
 nyui{
 {.,}
 .{M.
 h)+{8
 ={,^
 L,QaQDX{
 X{{V
 fty{/
 xr{4<
 ]{>{
 x8]{
 c&A{
 ={-^/
 -iQuG-S{
 6{)s
 7{oi
 w'u{
 ,:({
 ly={=/.
 {V<7,
 qv{]:
 z={m
 v{M:v
 /@j{
 {Yowk
 M{65
 {]:uc
 M[\{
 yv{M:
 f_UQ{
 m{G/
 W.q{
 E{4;G-
 {63(
 ][-z{
 ?f{F
 <{\u
 =+:{^
 w={<=x
 xVP{
 Z8<{;
 ;}z{
 ?-{>
 ?9{6
 Vy={>
 o.{[
 {~zru
 {9E~
 m?Oi{
 .{]}
 :zP{
 zv{=:
 k-tb{
 o{tl
 {=3{
 ?p{{,
 v{<k
 6{[3
 S{25
 y{_f
 DX}L{
 Y%O{
 sz/{S
 {]Sv
 m6{=
 v[M{;
 {Vf?
 %zv{lLPg
 x'{O
 csictf{j0ker_w4snt_happy}
 ```
 Voila! There we have our flag.
 #### Step-2:
 Finally the flag becomes:
 `csictf{j0ker_w4snt_happy}`
--- a/Forensics/Gradient
+++ b/Forensics/Gradient
--- a/Forensics/Panda/README.md
+++ b/Forensics/Panda/README.md
@ -0,0 +1,28 @@
 ## Panda
 The main idea finding the flag is using zip2john.
 #### Step-1:
 After I downloaded `panda.zip`, I got 2 files in it, `panda.jpg` & `panda1.jpg`.
 #### Step-2:
 It was encrypted. So I used `zip2john` tool to crack the zip.
 ```bash
 zip2john panda.zip > hash.txt
 john.exe --wordlist=real_human hash.txt
 ```
 <img src="panda.jpg">
 <img src="panda1.jpg">
 #### Step-3:
 This simple `flag.py` python script helps us to get the flag.
 ```python
 print(''.join([chr(i) for i, j in zip(open('panda1.jpg', 'rb').read(), open('panda.jpg', 'rb').read()) if i!= j]))
 ```
 #### Step-4:
 Finally the flag becomes:
 `csictf{kung_fu_p4nd4}`
--- a/Forensics/Panda/flag.py
+++ b/Forensics/Panda/flag.py
@ -0,0 +1 @@
 print(''.join([chr(i) for i, j in zip(open('panda1.jpg', 'rb').read(), open('panda.jpg', 'rb').read()) if i!= j]))
--- a/Forensics/Panda/panda.jpg
+++ b/Forensics/Panda/panda.jpg
--- a/Forensics/Panda/panda.zip
+++ b/Forensics/Panda/panda.zip
--- a/Forensics/Panda/panda1.jpg
+++ b/Forensics/Panda/panda1.jpg
--- a/Forensics/unseen/Flag.png
+++ b/Forensics/unseen/Flag.png
--- a/Forensics/unseen/Morse_Decode.png
+++ b/Forensics/unseen/Morse_Decode.png
--- a/Forensics/unseen/README.md
+++ b/Forensics/unseen/README.md
@ -0,0 +1,36 @@
 ## unseen
 The main idea finding the flag is using LSB bit and steghide tools.
 #### Step-1:
 After I downloaded `nyc.png` & `morse.wav`, I tried basic `binwalk` and `strings`, but obviously it didn't work.
 <img src="nyc.png">
 #### Step-2:
 I tried to decode `morse.wav` online [here](https://morsecode.world/international/decoder/audio-decoder-adaptive.html).
 <img src="Morse_Decode.png">
 #### Step-3:
 This message gave me idea that I have to search further in image only. Using the LSB hint from the description, I found the string `42845193` at 1-bit LSB.
 #### Step-4:
 Using Steghide tool, I tried to extract data from the `morse.wav` by command `steghide extract -sf morse.wav`
 Passphrase was `42845193`
 It gave me this output:
 ```
 wrote extracted data to "flag.txt".
 ```
 #### Step-5:
 Something to work on. So when I opened `flag.txt`. It was blank with space, tabs and newline. So I tried to decode that using Whitespace Decoder at : https://vii5ard.github.io/whitespace/
 <img src="Flag.png">
 Voila! I had the flag there.
 #### Step-6:
 Finally the flag becomes:
 `csictf{7h47_15_h0w_y0u_c4n_83c0m3_1nv151813}`
--- a/Forensics/unseen/flag.txt
+++ b/Forensics/unseen/flag.txt
@ -0,0 +1,89 @@
--- a/Forensics/unseen/morse.wav
+++ b/Forensics/unseen/morse.wav
--- a/Forensics/unseen/nyc.png
+++ b/Forensics/unseen/nyc.png
		`@ -0,0 +1 @@`
							`print(''.join([chr(i) for i, j in zip(open('panda1.jpg', 'rb').read(), open('panda.jpg', 'rb').read()) if i!= j]))`