BCACTF Team p0isonp4wn

edbert sumicad
Nov 17, 2019

1. split-the-red-sea

Category: Forensics

We downloaded the file, and got this picture.

We use Stegsolve to solve this challenge.

Stegsolve is an immensely useful program for many steganography challenges, allowing you to go through dozens of color filters to try to uncover hidden text.

Fire up your stegsolve
Switch to Red Plane 1

Flag: bcactf{7w0_r3d5_sdf3wqa}

2. bca-craft

Category: Forensics

After we download the file, we get the BCAcraft.zip

unzip

After we unzip the file, we quickly notice flag.mcfunction; maybe there is a flag right there. We tried Sublime to view what's inside.

We open it with sublime

Then we easily get the flag. The flag is: “, “b”, “c”, “a”, “c”, “t”, “f”, “{“, {“text”: “m1n3cr4f7_b347s_f0rtn1t3”.

cheese, right?

The flag is bcactf{m1n3cr4f7_b347s_f0rtn1t3}.

3. Wavey

Category: Forensics

We get a wav file named straightfire.wav.

WAV (Waveform Audio File Format) is an audio file format.

Open it with Audacity

After some adjustments of speed and tempo, and reversing the sound wave, we still got nothing, so we try the spectrogram.

A spectrogram is a visual representation of the spectrum of frequencies of a signal as it varies with time.

Spectrogram

The flag is bcactf{f33lin_7h3_vib3z}.

4. study-of-roofs

We are provided with a JPEG image. As usual, we examine the image with strings, hexdump, Stegsolve, etc., until we get something when we use Binwalk.

So, as we can see, there are images inside the image. We're gonna try to extract those files. We use foremost to extract the files inside.

It gives us the output folder.

Let's open 00003052.jpg.

We have successfully extracted the images inside and got the flag.

The flag is bcactf{r4i53_7h3_r00f_liz4rd}.

5. open-docs

We are given a zip file named open.zip.

We quickly notice “word/secrets.xml”; maybe there is a flag there, so we open it and look.

PHNlY3JldCBmbGFnPSJiY2FjdGZ7ME94TWxfMXNfNG00ejFOZ30iIC8+

This may be the flag, so we decode it as base64.

The flag is bcactf{0OxMl_1s_4m4z1Ng}.

6. corrupt-psd

In this challenge, we are provided with a PSD file named flag.psd.

A .PSD file is a layered image file used in Adobe PhotoShop. PSD, which stands for Photoshop Document, is the default format that Photoshop uses for saving data.

The title itself hints that the challenge is to repair and recover the corrupted PSD file. We use xxd or hexdump to dump its contents as hexadecimal so we can check its file signature.

A quick search shows that the file signature of a .psd file is 38 42 50 53.

Our given file, however, has 4f4f in the first row, first column of the dump, which is what corrupts the file.

We use the Bless hex editor to restore flag.psd to its original file signature.

Then we open the repaired flag.psd file using GIMP.

We successfully fixed the hexadecimals of the PSD file and got the flag.

The flag is bcactf{corrupt3d_ph070sh0p?_n0_pr0b5_1af4efb890}.
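The signature check and repair from this section, as an added Python example (not part of the original write-up). The sample header is constructed, and it assumes only the first two bytes were overwritten and that the rest follows the standard 26-byte PSD file header layout.

```python
import struct

PSD_MAGIC = bytes.fromhex("38425053")   # "8BPS", the signature quoted above
HEADER = struct.Struct(">4sH6sHIIHH")   # 26-byte PSD file header, big-endian

def check_psd_header(data):
    """Return a list of problems found in the PSD file header (empty = looks valid)."""
    if len(data) < HEADER.size:
        return ["shorter than the 26-byte PSD header"]
    sig, version, reserved, channels, height, width, depth, mode = HEADER.unpack_from(data)
    problems = []
    if sig != PSD_MAGIC:
        problems.append("signature is %s, expected %s" % (sig.hex(), PSD_MAGIC.hex()))
    if version not in (1, 2):            # 1 = PSD, 2 = PSB (large document)
        problems.append("unexpected version %d" % version)
    if reserved != b"\x00" * 6:
        problems.append("reserved bytes are not zero")
    if not 1 <= channels <= 56:
        problems.append("channel count %d out of range" % channels)
    if depth not in (1, 8, 16, 32):
        problems.append("unexpected bit depth %d" % depth)
    return problems

def repair_signature(data):
    """Return a copy with the signature restored, only if nothing else in the header is off."""
    patched = PSD_MAGIC + data[4:]
    remaining = check_psd_header(patched)
    if remaining:
        raise ValueError("header damaged beyond the signature: " + "; ".join(remaining))
    return patched

# Constructed sample header (not the challenge file): first two bytes overwritten
# with 4f 4f as in the write-up; version 1, 3 channels, 100x200, 8-bit, RGB.
SAMPLE = bytes.fromhex("4f4f5053") + struct.pack(">H6sHIIHH", 1, b"\x00" * 6, 3, 100, 200, 8, 3)

if __name__ == "__main__":
    print("before:", check_psd_header(SAMPLE))
    fixed = repair_signature(SAMPLE)
    print("after: ", check_psd_header(fixed), fixed[:4])
    # For a real file: read it with open(path, "rb") and write the result to a new file.
```

Writing the patched bytes to a new file keeps the original evidence untouched, which a hex editor edit in place does not.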

Conclusion

The challenges require a basic knowledge of how data and files are encoded, and creative ideas for extracting that data.
