Tag: CTF-Forensics/Recon

CTF question type – Forensics / Reconnaissance.

[Hackover]thecard – 9pts

After unpacking the .xz, I got the file “thecard.img”. It could not be opened normally: .IMG is a disk image, so I tried to unpack it again to see what files were inside. In “[UNKNOWN]” there are 4 files, and 3 of them are in JFIF format. But the JFIF files would not open correctly either, so I put them into a hex editor to see what had happened. That’s it: we all know a valid JFIF file begins with FF D8 FF E0 ?? ?? ‘J’ ‘F’ ‘I’ ‘F’ 00, but the file starts with 00. So let me correct it. Finally, we got 3 pictures; the first one gave me a flag:

[CTF(x)]corrupt – 150pts

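Description: defund’s method of corrupting images is pretty crude.

The challenge only gives a single corrupted image.

Solution: Uploading the image to https://online.officerecovery.com/pixrecovery/ gives:

Loading the image into Photoshop, I found that in each of the R, G and B channels part of the values were relatively high. Finally, adjusting it gives:

ctf([email protected]_PNG)

There is surely a better way, but with my limited skills this is all I could do.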

[CTF(x)]crash – 50pts

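Description: defund was about to give this flag away until his computer crashed.

Solution: After downloading flag.zip and opening it in Windows, I found that it contains 2 files. The .swp file is a vim swap file; if work is interrupted abnormally, the swap file is the only way to get the data back. So we go back to Linux. Sure enough, this is a file left over from a crash, so I just pressed R and got:

ctf(v1m_is_be77er_than_3macs)

Reference: http://linux.vbird.org/linux_basic/0310vi.php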

[Hackcon]In Rainbows

Question:

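Solution: After getting the image, I zoomed in with Photoshop and saw many pixels of different colors. After a round of repeatedly trying colour fills, I got:

At first I thought the yellow really contained nothing and was put there by the author to confuse us, because a rainbow only has 7 colors.. Later I found out I was badly wrong.. Finally I reopened Photoshop and tried adjusting the image in different ways, and found that simply turning the brightness down to the minimum reveals what is hidden in the yellow. So from the image I got:

    ++++++++[>++++>++++++>++++++++>++++++++++>++++++++++++<<<<<-]>
    >>>>++++++++++++++++++++.---------------.<++++++++.>+++++++++++++++.<+++++++.----------.<+++.--.>-------.++++++.+++++++++++.>--.<<<+++.+.>>+++++.-----.>---------.++++++++++.<<<.>>.+++.>-.<-.++++++++.>----.<---.<<<++++++++++..>>>>---.
    [>]<[[-]<]

One look tells you this is that brain-torturing language BrainFuck, so I ran it directly in a BrainFuck IDE:

teXt_UCANT_r34d_is4_brainf**k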

[IceCTF]Corrupt Transmission – 50pt

Question: We intercepted this image, but it must have gotten corrupted during the transmission. Can you try and fix it? corrupt.png

Solution: I found that this is a damaged image file, hehe. According to the wiki, the PNG magic number is 89 50 4e 47 0d 0a 1a 0a, so after repairing it the file opens.

IceCTF{t1s_but_4_5cr4tch}
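The header repair done by hand in the thecard and Corrupt Transmission posts, as an added Python example (not the author's code). It recognises the format from structure that sits behind the damaged bytes before rewriting the magic; the function names and the sample PNG are constructed here for illustration.

```python
import struct
import zlib

PNG_MAGIC = bytes.fromhex("89504e470d0a1a0a")   # value quoted in the Corrupt Transmission post
JFIF_START = bytes.fromhex("ffd8ffe0")          # SOI + APP0 marker, from the thecard post


def identify(data: bytes):
    """Guess the format from structure located after the damaged leading bytes."""
    # PNG: the first chunk is always IHDR with a 13-byte body.
    if data[8:12] == b"\x00\x00\x00\x0d" and data[12:16] == b"IHDR":
        return "png"
    # JFIF: the APP0 segment carries the identifier "JFIF\0" at offset 6.
    if data[6:11] == b"JFIF\x00":
        return "jfif"
    return None


def repair_header(data: bytes):
    """Return (format, repaired bytes); raise ValueError if nothing can be inferred."""
    kind = identify(data)
    if kind == "png":
        # The IHDR CRC covers chunk type + body (bytes 12..28); check they are intact.
        stored = int.from_bytes(data[29:33], "big")
        if len(data) < 33 or zlib.crc32(data[12:29]) != stored:
            raise ValueError("IHDR CRC mismatch: damage goes beyond the magic bytes")
        return kind, PNG_MAGIC + data[8:]
    if kind == "jfif":
        return kind, JFIF_START + data[4:]
    raise ValueError("no PNG or JFIF structure found behind the header")


def _chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def sample_png() -> bytes:
    """Constructed 1x1 grayscale PNG used as sample input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    return (PNG_MAGIC + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND", b""))


if __name__ == "__main__":
    good = sample_png()
    broken = b"\x00" * 8 + good[8:]              # constructed damage: magic zeroed
    kind, fixed = repair_header(broken)
    print(kind, fixed == good)
```

The CRC check matters when the damage is not limited to the signature: a mismatch means the IHDR fields themselves need repair before any viewer will accept the file.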

[IceCTF]Audio Problems – 50pt

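Question: We intercepted this audio signal, it sounds like there could be something hidden in it. Can you take a look and see if you can find anything?

Solution: After downloading it I found it was a music file. Listening to it, I noticed some odd sounds, so I threw it into software to analyze the spectrogram and found the following:

IceCTF{y0u_b3t7Er_l15TeN_cL053lY}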

[SCTF]Failed Compression – 80

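Question: I was trying to compress some files, but I think I messed it up?

Solution: The challenge gives an archive that cannot be opened. Inspecting it with C32asm shows that it contains 1450 images with damaged headers and trailers. What I need to do is repair all of them and write them back out as images. So I came up with the following algorithm:

After waiting for the run to finish, I found that image number 330 is the flag.

sctf{1_am_50_50rry_4_d01ng_thi5_2_u}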

[TJCTF2016]Outbox – 100

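Question: Sometimes I miss that land of bliss.

Hint: What do timetables, metallurgy, and metaphors all have in common?

Solution: Looking at the file format, it turns out to be an email backup file, so I opened it with Mail Viewer. There was an attachment, which I extracted right away and then opened in C32asm. The first few bytes are 54 41 50 45 00 00, which is the magic number of a Windows backup file. I picked any virtual machine, restored the backup, and got flag.doc. Inside is an image:

tjctf{@[email protected]_Fr0M_tH3_Pa$t}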

[ABCTF]Always So Itchy – 100

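Question:

Hint: None

Solution: When I saw this challenge I was stumped too, so with no other option I started by searching. After some searching, I found this:

Following the instructions, I entered the main interface. I found that the wview command shows which files exist; after testing, I found that the flag is stored in doc2.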

[ABCTF]Drive Home – 50

Question:

Hint: None

Solution: Seeing edit?usp=sharing made me think of Google Drive, so I simply substituted in 1_TxYCrk5vIMlUjiB1OioXmR7b-Uq_a9aPIh9JyYlPNs, which gives the following URL:

https://drive.google.com/file/d/1_TxYCrk5vIMlUjiB1OioXmR7b-Uq_a9aPIh9JyYlPNs/view

abctf{g00gle_driv3_1s_my_f4v0r1t3}