PicoCTF 2018 Walkthrough – Forensics Warmups

Forensics Warmup 1

Category : Forensics

Points: 50

Problem

Can you unzip this file for me and retrieve the flag?

Hint

Make sure to submit the flag as picoCTF{XXXXX}

Solution

The download is a .zip archive, which can be opened from the command line or with any archive tool such as WinRAR (for Windows) or Archive Manager (for Ubuntu and other Linux distros).

To extract it from a terminal, go to the directory where the file was downloaded and run the command unzip flag.zip. The unzip command extracts the contents of a zip file; its syntax is unzip <filename>. To learn more about the command go here.

Whether you use unzip or another tool, a single file named flag.jpg is extracted. When opened, it will look something like this.

Enter the flag shown in the image in the text field provided and hit submit.

Solution Flag

picoCTF{welcome_to_forensics}


Forensics Warmup 2

Category : Forensics

Points: 50

Problem

Hmm for some reason I can’t open this PNG? Any ideas?

Hint

How do operating systems know what kind of file it is? (It’s not just the ending!)

Make sure to submit the flag as picoCTF{XXXXX}

Solution

The downloaded file won’t open in image viewer software, which suggests that the file extension it was given is wrong. There are various types of image files with different extensions, such as jpg and png. You can learn more about them here.

To check the actual type of a file we can use the “file” command. It determines the type of any file by examining its contents rather than its name, and its syntax is file <filename>. To learn more, visit the Linux man pages here, or read the same content by entering the command man file in a terminal.

To determine the actual type of our file.png, enter the command file file.png in the terminal, making sure you are in the directory that contains the file. The output of that command will be –

which clearly states that it’s a JPEG file. To clear the challenge, change the file extension to jpg and you will be able to view the image in any image viewing software. The image will be as given below.

Just enter the same flag in the text field and hit submit.

Solution Flag

picoCTF{extensions_are_a_lie}
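
The check that the hint points to, comparing a file's leading "magic" bytes with its extension, is sketched below as an added example that is not part of the original walkthrough. It is a simplified stand-in for the file command with a small hand-picked signature table, and the sample headers and function names are constructed for illustration.

```python
import os

# Leading "magic" bytes for a few common formats, mapped to the
# extensions normally used for each format (hand-picked subset).
SIGNATURES = [
    (b"\xff\xd8\xff", "JPEG", {".jpg", ".jpeg"}),
    (b"\x89PNG\r\n\x1a\n", "PNG", {".png"}),
    (b"GIF87a", "GIF", {".gif"}),
    (b"GIF89a", "GIF", {".gif"}),
    (b"PK\x03\x04", "ZIP", {".zip"}),
    (b"%PDF-", "PDF", {".pdf"}),
]

def sniff(header: bytes):
    """Return (format_name, expected_extensions), or (None, set()) if unknown."""
    for magic, name, exts in SIGNATURES:
        if header.startswith(magic):
            return name, exts
    return None, set()

def check_extension(filename: str, header: bytes) -> str:
    """Compare the extension in the name with the format found in the content."""
    name, exts = sniff(header)
    ext = os.path.splitext(filename)[1].lower() or "(none)"
    if name is None:
        return f"{filename}: unknown content, extension {ext} unverified"
    if ext in exts:
        return f"{filename}: {name}, extension matches"
    return f"{filename}: content is {name}, but extension is {ext} (mismatch)"

def check_file(path: str) -> str:
    """Read only the first 16 bytes of a file on disk and check it."""
    with open(path, "rb") as fh:
        return check_extension(os.path.basename(path), fh.read(16))

if __name__ == "__main__":
    # Constructed sample headers, not the challenge files themselves.
    samples = {
        "file.png": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",  # JPEG data named .png
        "flag.zip": b"PK\x03\x04\x14\x00\x00\x00",
        "real.png": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",
    }
    for fname, head in samples.items():
        print(check_extension(fname, head))
```

To check a real download, call check_file with its path, for example check_file("file.png").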

