## Snowboard
The main idea finding the flag using multiple forensics techniques.
#### Step-1:
After we download `Snowboard.jpg`, we try to open and see the flag and check if we find any.
#### Step-2:
I tried simple techniques and easily found answer when we send the command:
`strings Snowboard.jpg | grep {`
We get a false flag `CTFlearn{CTFIsEasy!!!}` which is not the correct flag.
So we try harder.
#### Step-3:
We use the following command to extract all the enclosed zipped images.
`binwalk -D='.*' Snowboard.jpg`
We get a new directory `_Snowboard.jpg.extracted`
In that directory, we get some files like `0`, `3A4`, `5A`, `393B` & `395B`.
#### Step-4:
We try different commands `strings | grep {`.
But after some tries, I tried command `strings -n 8 0` and got this as output:
```
CTFlearn{CTFIsEasy!!!}
Q1RGbGVhcm57U2tpQmFuZmZ9Cg==
Canon EOS 6D Mark II
GIMP 2.10.6
2019:05:07 14:37:21
2018:08:23 12:52:08
2018:08:23 12:52:08
082051002328
EF24-105mm f/4L IS USM
0000502af2
$.' ",#
(7),01444
'9=82<.342
!22222222222222222222222222222222222222222222222222
%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
Jps]7"rT
http://ns.adobe.com/xap/1.0/
fPhotoshop 3.0
20190507
20180823
125208+0000
143721-1437
)$+*($''-2@7-0=0''8L9=CEHIH+6OUNFT@GHE
!E.'.EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
xj.kPDm^d
w~0@ +
)$R-RV-]
&6364-XE
05.jlhI$
"02A#3@P`
A<@n]K&.M
rJ50)'J+
AQ"pa#3q
qS]=aEA(
k7f6I]G.
MS&No!F)
.ED'e8c\
CLRz?0NIQ
+4YVY6D*
'>aWL'lN
CvtB;'Ef8'q
K# 1Ok +KN
!?[?M?U
!01@APQ`apq
! 10AQa@Pq`p
"""""""5
.&.qP8|Q0
R@m+O1ut
cN`VBPjTO
*1>Iors-ls
E3\@f_i^
}*T:,%t#
GHwW^YB\
```
#### Step-4:
Now we get this small Base64 encrypted message below the false flag
`Q1RGbGVhcm57U2tpQmFuZmZ9Cg==`
When we decrypt it, we get the flag.
#### Step-5:
Finally the flag becomes:
`CTFlearn{SkiBanff}`