BCACTF Team p0isonp4wn
1. split-the-red-sea
Category: Forensics
We downloaded the file, and got this picture.
We use Stegsolve to solve this challenge.
Stegsolve is an immensely useful program for many steganography challenges, allowing you to go through dozens of color filters to try to uncover hidden text.
Flag: bcactf{7w0_r3d5_sdf3wqa}
2. bca-craft
Category: Forensics
After downloading the file, we get BCAcraft.zip.
After we unzip the file, we quickly notice flag.mcfunction; maybe there is a flag right there. We open it in Sublime to view what's inside.
Then we easily get the flag. It appears in the file as: “, “b”, “c”, “a”, “c”, “t”, “f”, “{“, {“text”: “m1n3cr4f7_b347s_f0rtn1t3”.
cheese, right?
The flag is bcactf{m1n3cr4f7_b347s_f0rtn1t3}.
3. Wavey
Category: Forensics
We get a WAV file named straightfire.wav.
WAV (Waveform Audio File Format) is an audio file format.
After adjusting the speed and tempo and reversing the sound wave, we still got nothing, so we try a spectrogram.
A spectrogram is a visual representation of the spectrum of frequencies of a signal as it varies with time.
The flag is bcactf{f33lin_7h3_vib3z}.
4. study-of-roofs
We are provided with a JPEG image. As usual, we examine the image with Strings, Hexdump, Stegsolve and so on, until we get something when we use Binwalk.
So, as we can see, there are images inside the image. We try to extract those files, using foremost to carve out the files inside.
It gives us an output folder.
Let's open 00003052.jpg.
We have successfully extracted the images inside and got the flag.
The flag is bcactf{r4i53_7h3_r00f_liz4rd}.
5. open-docs
We are given a zip file named open.zip.
We quickly notice “word/secrets.xml”. Maybe there is a flag in there, so we open it and look.
PHNlY3JldCBmbGFnPSJiY2FjdGZ7ME94TWxfMXNfNG00ejFOZ30iIC8+
This may be the flag, so we decode it as base64.
The flag is bcactf{0OxMl_1s_4m4z1Ng}.
6. corrupt-psd
In this challenge, we are provided with a PSD file named flag.psd.
A .PSD file is a layered image file used in Adobe Photoshop. PSD, which stands for Photoshop Document, is the default format that Photoshop uses for saving data.
The title itself hints that the challenge is to repair and recover the corrupted PSD file. We use xxd or hexdump to dump its contents as hexadecimal so that we can check its file signature.
A quick search shows that the file signature of a .psd file is 38 42 50 53.
We notice that our file has 4f4f in its first row, first column, which is what corrupts the file.
We use the Bless hex editor to restore flag.psd to its original file signature.
Then we open the repaired flag.psd file in GIMP.
We successfully fixed the bytes of the PSD file and got the flag.
The flag is bcactf{corrupt3d_ph070sh0p?_n0_pr0b5_1af4efb890}.
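The signature check and repair from this challenge can also be scripted. This is an added example, not the team's own code: the 26-byte header layout after the 38 42 50 53 signature follows the published PSD format, the function names are hypothetical, and the sample header is constructed, with only the leading 4f 4f taken from the write-up.

```python
import struct

PSD_MAGIC = bytes.fromhex("38425053")  # "8BPS", the signature quoted above
HEADER_FMT = ">4sH6sHIIHH"             # magic, version, reserved, channels, height, width, depth, mode
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 26 bytes, big-endian
FIELDS = ("magic", "version", "reserved", "channels", "height", "width", "depth", "mode")


def parse_header(data):
    """Unpack the fixed-size PSD header into a dict."""
    if len(data) < HEADER_LEN:
        raise ValueError("too short to hold a PSD header")
    return dict(zip(FIELDS, struct.unpack(HEADER_FMT, data[:HEADER_LEN])))


def rest_looks_like_psd(hdr):
    """Plausibility check on the fields that follow the signature."""
    return (hdr["version"] in (1, 2)            # 1 = PSD, 2 = PSB
            and hdr["reserved"] == bytes(6)     # reserved bytes must be zero
            and 1 <= hdr["channels"] <= 56
            and hdr["depth"] in (1, 8, 16, 32))


def repair_signature(data):
    """Return (status, data); patch the magic only when the rest of the header fits."""
    hdr = parse_header(data)
    if hdr["magic"] == PSD_MAGIC:
        return "ok", data
    if not rest_looks_like_psd(hdr):
        return "not-psd", data                  # refuse to stamp 8BPS on an unrelated file
    return "repaired", PSD_MAGIC + data[4:]


def build_sample(magic):
    # Constructed header: version 1, 3 channels, 64x128 px, 8-bit, RGB (mode 3).
    return struct.pack(HEADER_FMT, magic, 1, bytes(6), 3, 64, 128, 8, 3)


# Constructed sample: leading 4f 4f as reported above; bytes 3-4 assumed intact.
CORRUPT = build_sample(bytes.fromhex("4f4f5053"))

if __name__ == "__main__":
    status, fixed = repair_signature(CORRUPT)
    print(status, fixed[:4].hex(" "))
```

On a real file, read the bytes with `open("flag.psd", "rb").read()` and write the returned data to a new file rather than overwriting the original.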
Conclusion
The challenges require basic knowledge of how data and files are encoded, and creative ideas for extracting that data.