Added Forensics Challenges

This commit is contained in:
rishitsaiya 2020-07-31 18:21:16 +05:30
parent dde493c336
commit 3c743dd8fd
17 changed files with 301 additions and 0 deletions

View File

@ -0,0 +1,34 @@
## Archenemy
The main idea finding the flag is using simple Steganography techniques.
#### Step-1:
After I downloaded `arched.png`, I wasn't able to open it. So I tried simple strings, binwalk commands. But no results.
#### Step-2:
So, I went for steghide tool this time.
I tried `steghide extract -sf arched.png` and with a empty passphrase and it gave me this:
```
wrote extracted data to "flag.zip".
```
#### Step-3:
So, now I had `flag.zip`, which had an image `meme.jpg`, but the zip was encrypted. So I had to use tool of that.
```
$ zipCracker/zipcracker.py -f flag.zip -w /usr/share/wordlists/rockyou.txt
3638 / 14344394 | 0.00% -> masones1lndg456ce
Password cracked: kathmandu
Took 2.379971 seconds to crack the password. That is, 1529 attempts per second.
```
#### Step-4:
Voila! We finally have `meme.jpg` which contains flag.
<img src="meme.jpg">
#### Step-5:
Finally the flag becomes:
`csictf{1_h0pe_y0u_don't_s33_m3_here}`

Binary file not shown.

After

Width:  |  Height:  |  Size: 519 KiB

Binary file not shown.

Binary file not shown.

After

Width:  |  Height:  |  Size: 27 KiB

View File

@ -0,0 +1,113 @@
## Gradient Sky
The main idea finding the flag is using simple Steganography techniques.
#### Step-1:
After I downloaded `sky.jpg`, I tried simple `strings sky.jpg | grep {`
<img src="sky.jpg">
```
n"l`{
X#,{c#
<{{!g6
{}qv
R{Guv
9Cs{c=
f{_(
2;{PG<
oH{iy$
0{Tn
q{dv
{=Zw
=||^{r
75ub{
|AcV{
;?{O
`58{
M{>ww
ET{vz
{tL=['
r{;M
{z_|
Ezv{M
ef^{
{NxTy
'{w'=\W
;\&\{
yv{O
nyui{
{.,}
.{M.
h)+{8
={,^
L,QaQDX{
X{{V
fty{/
xr{4<
]{>{
x8]{
c&A{
={-^/
-iQuG-S{
6{)s
7{oi
w'u{
,:({
ly={=/.
{V<7,
qv{]:
z={m
v{M:v
/@j{
{Yowk
M{65
{]:uc
M[\{
yv{M:
f_UQ{
m{G/
W.q{
E{4;G-
{63(
][-z{
?f{F
<{\u
=+:{^
w={<=x
xVP{
Z8<{;
;}z{
?-{>
?9{6
Vy={>
o.{[
{~zru
{9E~
m?Oi{
.{]}
:zP{
zv{=:
k-tb{
o{tl
{=3{
?p{{,
v{<k
6{[3
S{25
y{_f
DX}L{
Y%O{
sz/{S
{]Sv
m6{=
v[M{;
{Vf?
%zv{lLPg
x'{O
csictf{j0ker_w4snt_happy}
```
Voila! There we have our flag.
#### Step-2:
Finally the flag becomes:
`csictf{j0ker_w4snt_happy}`

Binary file not shown.

After

Width:  |  Height:  |  Size: 288 KiB

28
Forensics/Panda/README.md Normal file
View File

@ -0,0 +1,28 @@
## Panda
The main idea finding the flag is using zip2john.
#### Step-1:
After I downloaded `panda.zip`, I got 2 files in it, `panda.jpg` & `panda1.jpg`.
#### Step-2:
It was encrypted. So I used `zip2john` tool to crack the zip.
```bash
zip2john panda.zip > hash.txt
john.exe --wordlist=real_human hash.txt
```
<img src="panda.jpg">
<img src="panda1.jpg">
#### Step-3:
This simple `flag.py` python script helps us to get the flag.
```python
print(''.join([chr(i) for i, j in zip(open('panda1.jpg', 'rb').read(), open('panda.jpg', 'rb').read()) if i!= j]))
```
#### Step-4:
Finally the flag becomes:
`csictf{kung_fu_p4nd4}`

1
Forensics/Panda/flag.py Normal file
View File

@ -0,0 +1 @@
print(''.join([chr(i) for i, j in zip(open('panda1.jpg', 'rb').read(), open('panda.jpg', 'rb').read()) if i!= j]))

BIN
Forensics/Panda/panda.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 76 KiB

BIN
Forensics/Panda/panda.zip Normal file

Binary file not shown.

BIN
Forensics/Panda/panda1.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 76 KiB

BIN
Forensics/unseen/Flag.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 110 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 44 KiB

View File

@ -0,0 +1,36 @@
## unseen
The main idea finding the flag is using LSB bit and steghide tools.
#### Step-1:
After I downloaded `nyc.png` & `morse.wav`, I tried basic `binwalk` and `strings`, but obviously it didn't work.
<img src="nyc.png">
#### Step-2:
I tried to decode `morse.wav` online [here](https://morsecode.world/international/decoder/audio-decoder-adaptive.html).
<img src="Morse_Decode.png">
#### Step-3:
This message gave me idea that I have to search further in image only. Using the LSB hint from the description, I found the string `42845193` at 1-bit LSB.
#### Step-4:
Using Steghide tool, I tried to extract data from the `morse.wav` by command `steghide extract -sf morse.wav`
Passphrase was `42845193`
It gave me this output:
```
wrote extracted data to "flag.txt".
```
#### Step-5:
Something to work on. So when I opened `flag.txt`. It was blank with space, tabs and newline. So I tried to decode that using Whitespace Decoder at : https://vii5ard.github.io/whitespace/
<img src="Flag.png">
Voila! I had the flag there.
#### Step-6:
Finally the flag becomes:
`csictf{7h47_15_h0w_y0u_c4n_83c0m3_1nv151813}`

89
Forensics/unseen/flag.txt Normal file
View File

@ -0,0 +1,89 @@

BIN
Forensics/unseen/morse.wav Normal file

Binary file not shown.

BIN
Forensics/unseen/nyc.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 1.7 MiB