Forensics – EzDump-Compromised

EzDump – Compromised writeup by srdnlen. Category: FORENSICS. Solves: 35. Points: 200. Description: We do not understand. We changed the password of k3vin but it looks like someone can still access his account. Can you please find out how the hacker did? The dump is the same as the one from EzDump – Build…

Forensics – Shark on wire 2

Shark on Wire 2 – 300pt. Challenge: We found this packet capture. Recover the flag that was pilfered from the network. You can also find the file in /problems/shark-on-wire-2_0_3e92bfbdb2f6d0e25b8d019453fdbf07. Hints: (none). Solution: If you open capture.pcap with Wireshark and follow the 6th UDP stream, you'll find the flag of the previous level, and if…

Forensics – Shark on wire 1

Shark on Wire 1 – 150pt. Challenge: We found this packet capture. Recover the flag. You can also find the file in /problems/shark-on-wire-1_0_13d709ec13952807e477ba1b5404e620. Hints: Try using a tool like Wireshark. What are streams? Solution: If you open capture.pcap with Wireshark and follow the 6th UDP stream, you'll get the flag picoCTF{StaT31355_636f6e6e}

Forensics – So_meta

So meta – 150pts. Challenge: Find the flag in this picture. https://2019shell1.picoctf.com/static/61e816c3ab6abee2bda49f438bd49571/pico_img.png Hints: What does meta mean in the context of files? Ever hear of metadata? Solution: We have a file to download (pico_img.png). We have to view the metadata of the file: in the terminal, we use exiftool to display it (using the…

Forensics – PastAAA

PastAAA – 350pts. Challenge: This pasta is up to no good. There MUST be something behind it. https://2019shell1.picoctf.com/static/16d6023e39d418e4f0724ad318f1382c/ctf.png Hints: no hints available. Solution: We need to find the flag inside the image and a way to extract it. We discover that the technique used to encode the flag is LSB (least…

Forensics – Glory_of_the_garden

Glory of the garden – 50pts. Challenge: This garden contains more than it seems: https://2019shell1.picoctf.com/static/38b5c0bde1a6a92d282b128c71799722/garden.jpg Hints: What is a hex editor? Solution: This challenge is very easy. First we download a file called garden.jpg. In the Linux terminal, we run "strings" on garden.jpg. Among the values obtained, we find the flag of this challenge! picoCTF{more_than_m33ts_the_3y36BCA684D}

Forensic – What_lies_within

What lies within – 150pts. Challenge: There's something in the building: https://2019shell1.picoctf.com/static/aec3861fc4d5bce4d39dc0db196426de/buildings.png. Hints: There is data encoded somewhere, there might be an online decoder. Solution: We have a file called buildings.png and we need to find a way to extract the flag for this challenge from our PNG. Following the advice we simply look on…

Forensics – Moonwalk_2

Moonwalk 2 – 300pts. Challenge: Revisit the last transmission. We think this transmission contains a hidden message. There are also some clues: clue 1, clue 2, clue 3. message 1: https://2019shell1.picoctf.com/static/0702fc780b00e377041f55d5806557aa/message.wav clue 1: https://2019shell1.picoctf.com/static/0702fc780b00e377041f55d5806557aa/clue1.wav clue 2: https://2019shell1.picoctf.com/static/0702fc780b00e377041f55d5806557aa/clue2.wav clue 3: https://2019shell1.picoctf.com/static/0702fc780b00e377041f55d5806557aa/clue3.wav Hints: Use the clues to extract another flag from the .wav file. Solution: we…

Forensics – Moonwalk_1

Moonwalk – 250pts. Challenge: Decode this message from the moon. https://2019shell1.picoctf.com/static/f5ca745ad5d88a890b5f20b8ffde3d70/message.wav Hints: How did pictures from the moon landing get sent back to Earth? What is the CMU mascot? That might help select a RX option. Solution: We have a file called message.wav with the flag to decode inside. When we open the file we…

Forensics – WebNet1

WebNet1 – 450pt. Challenge: We found this packet capture and key. Recover the flag. Hints: Try using a tool like Wireshark. How can you decrypt the TLS stream? Solution: Same process as WebNet0. Open the pcap file with Wireshark. This time a JPEG image is requested via HTTP (vulture.jpg). If you go in packet 91…