- category: Forensics
- points: 50
Do you think this is a normal image? No! Dig deeper to find out more…..
Given the file
`strings` or classic forensics stuff output useful information.
Try with Binwalk:
$ binwalk welcome.jpeg
So it may contain a `zip` file: let’s extract it (binwalk
We’re given a `d.zip` file, which contains two files:
a.zip is a password-protected archive. That password may be in the
The latter file contains some random characters, but we can recognize a Base64-encoded string at the very end of the file:
echo "dGhlIHBhc3N3b3JkIGlzOiBoMzExMF90aDNyMyE==" | base64 -d
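The two recovery steps above (spotting the ZIP appended to the JPEG, then decoding the Base64 tail), as an added Python example that is not part of the original write-up. The JPEG-like bytes and the `notes.txt` member name are constructed stand-ins; the Base64 string is the one quoted above, which is 41 characters long with its `==` padding, so the helper re-pads it before decoding.

```python
import base64
import io
import re
import zipfile

ZIP_LOCAL_HEADER = b"PK\x03\x04"  # signature of a ZIP local file header

def carve_zip(blob):
    """Return the first embedded ZIP in blob (signature offset to end), or None."""
    start = blob.find(ZIP_LOCAL_HEADER)
    while start != -1:
        candidate = blob[start:]
        try:
            with zipfile.ZipFile(io.BytesIO(candidate)) as zf:
                if zf.testzip() is None:  # every member's CRC checks out
                    return candidate
        except zipfile.BadZipFile:
            pass  # false-positive signature inside the image data
        start = blob.find(ZIP_LOCAL_HEADER, start + 1)
    return None

def trailing_base64(data, min_len=16):
    """Decode a Base64 run at the very end of data, tolerating wrong '=' padding."""
    m = re.search(rb"([A-Za-z0-9+/]{%d,})=*\s*$" % min_len, data)
    if m is None:
        return None
    body = m.group(1)
    if len(body) % 4 == 1:
        return None  # no valid Base64 encoding has this length
    return base64.b64decode(body + b"=" * (-len(body) % 4))

def build_sample():
    """Constructed input: minimal JPEG-like bytes with a ZIP appended."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Hypothetical member name; the tail is the string quoted on the page.
        zf.writestr("notes.txt",
                    "x9#~q!!@@(zz)%% dGhlIHBhc3N3b3JkIGlzOiBoMzExMF90aDNyMyE==\n")
    fake_jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 32 + b"\xff\xd9"  # SOI ... EOI
    return fake_jpeg + buf.getvalue()

def demo():
    archive = carve_zip(build_sample())
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return zf.namelist(), trailing_base64(zf.read("notes.txt"))

if __name__ == "__main__":
    print(demo())
```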
We can now unzip the `a.zip` file with the
The extracted file `a.png` contains the following image:
With `stegsolve` we can obtain the flag using the “Blue plane 1” filter.