HSCTF 6 — Forensics Challenges

Kamran Saifullah
Jun 13, 2019

After publishing the solutions to the web challenges, it’s time to move on to the forensics challenges. This post is all about how I solved the HSCTF 6 forensics challenges. Let’s start.

Chicken Crossing

So I downloaded the file and it was a chicken image.

So I thought of checking the details using exiftool and the file command, and found nothing interesting!

In the end I thought of checking this file using strings and got the flag!

Cool Image

So this time we have a PDF file. Let’s check it. The file seems to be a PNG.

So we can simply rename this file or move it to change the extension and eog works for us.

Cool Image 2

This time we have another png file.

It looks like a data file and we have a string too ;) Nothing more valuable in here. Let’s try looking at the hexdump.

We can see the information, but extra bytes are messing up the file! Let’s try foremost to audit this corrupt image.

We are done with the challenge!

Slap

This time we are provided with another image, which is none other than a slap on the face. Well, that hurts. On checking the metadata of the file using exiftool we can see lorem ipsum text. I tried using the grep command to locate the flag and I got it hidden deep in the text!

Logo Sucks Bad

We have another png file.

We have the competition logo this time. On trying binwalk we found hidden data and extracted it!

We have two files. One is empty and the other is zlib compressed.

Searched for a while and came across this tool to decode the data from the image file @ https://stylesuxx.github.io/steganography/

Copied the data and grepped the flag!

Fish

This time we have another .jpg file.

It’s a regular JPEG file and has the message for us that “tux is cute”. But what is tux?

We found nothing informative so far. If we look at the hexdump we find “JFIF”. On running the strings command we found a string!

Using it as a password with StegHide we got the flag!

Double Trouble

We are provided with two Koala images!

On running the strings on “koala.png” we got a disguised flag!

I found nothing interesting in the second image! Let’s try using binwalk!

Well, I tried Binwalk, Strings, StegSolve, StegSuite, Strings and nothing yielded any information. Let’s try ZSTEG to find the information.

The ZSTEG results show us the passphrase :)) On using the mediafire link we are provided with a text file.

It is a GPG file and encrypted. We need to decrypt it using the passphrase.

That’s all :))

Skywriting V2

So we have the flag! Let’s check the hint!

It’s all about XORing and we can do it with python easily!

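from pwn import xor
import base64
import string

# Base64-decode the ciphertext, then try every ASCII letter as a single-byte XOR key.
text = base64.b64decode('LjUlMiA9LxI1GTUTNiodECAtUSx5YxY4')
for i in string.ascii_letters:
    print(xor(text, i.encode()), i)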

I got the result!

hsctf{iTs_sUpl[Vfk�j?%P~ F

Moving ahead to brute-force from the 13th character!

from pwn import xor
import base64
import string

# Same brute force, applied only to the bytes from index 13 onward.
text = base64.b64decode('LjUlMiA9LxI1GTUTNiodECAtUSx5YxY4')
for i in string.ascii_letters:
    print(xor(text[13:], i.encode()), i)

And got the result:

eR_ob�c6,Yw O

So the flag till now became hsctf{iTs_sUp1er_ob}

I wasn’t able to find the last character, so I thought I would guess it! It seems to be obvious, so we can have multiple combinations.

The final flag is hsctf{iTs_sUp1er_obViouS}
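The same ciphertext can also be approached with a known-plaintext crib instead of trying every letter by eye. The following is an added example, not code from the original write-up: it derives the key bytes implied by the known `hsctf{` prefix and the closing `}`, then lists where each candidate key yields a run of flag-like characters, which makes the change of key partway through the text visible. The function names, the flag alphabet and the minimum run length are assumptions chosen for illustration.

```python
import base64
import string

# Ciphertext from the write-up above.
CIPHERTEXT = base64.b64decode("LjUlMiA9LxI1GTUTNiodECAtUSx5YxY4")

# Assumption: flags use only these characters (matches the hsctf{...} format).
FLAG_CHARS = set((string.ascii_letters + string.digits + "_{}").encode())


def key_from_crib(ct, crib, offset=0):
    """Key bytes implied if `crib` is the plaintext starting at `offset`."""
    return bytes(c ^ p for c, p in zip(ct[offset:], crib))


def flag_runs(ct, key, min_len=6):
    """(start, text) for each run of >= min_len flag characters under one key byte."""
    runs, start = [], None
    plain = bytes(b ^ key for b in ct)
    for i, b in enumerate(plain + b"\x00"):  # sentinel byte closes a trailing run
        if b in FLAG_CHARS:
            if start is None:
                start = i
        elif start is not None:
            if i - start >= min_len:
                runs.append((start, plain[start:i].decode()))
            start = None
    return runs


def scan(ct, keys=string.ascii_letters, min_len=6):
    """Map each candidate key character to its readable runs (empty results dropped)."""
    hits = {k: flag_runs(ct, ord(k), min_len) for k in keys}
    return {k: r for k, r in hits.items() if r}


if __name__ == "__main__":
    # Key bytes under the known prefix and under the closing brace.
    print(key_from_crib(CIPHERTEXT, b"hsctf{"))
    print(key_from_crib(CIPHERTEXT, b"}", len(CIPHERTEXT) - 1))
    for k, runs in scan(CIPHERTEXT).items():
        print(k, runs)
```

Runs that meet at a key boundary overlap by a character or two (index 12 is readable under both `F` and `O`), so the exact switch point still needs a human decision.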

That’s all!

Thanks for reading :))
