This was a forensics challenge. We get a zip file named ziper.zip. Trying to extract it, we are greeted with an error message. unzip zipper.zip Archive: zipper.zip warning: filename too long–truncating. : bad extra field length (central) So, there is something wrong with the filename length. Possibly in the central headers. A quick readup on how ZIP files are constructed from ForensicsWiki and Structure of PKZip File helped a lot in solving this particular challenge.

This challenge is part of IceCTF - a wonderful jeopardy style CTF event organized by the Reykjavík University for a span of 15 long days. Had a very good experience of participating in a good CTF after a long time. I will be posting writeups on some of the interesting challenges, I came across. Here is the challenge file - dear_diary with md5sum : 45ecfd320d3b8236d3adece3041edb0f Running file on dear_diary shows

This is the writeup for ievel 1 challenge in Pan Labyrenth CTF - Unix track. Download the original challenge file The given file is an obfuscated perl script. There are chunks of base64 strings which are decoded and appended to $a and then at last a huge chunk 0f base64 string is decoded and then eval-ed. Decoding the string to be evaluated, we can find more eval statements in it.

Another easy stego challenge. The challenge consists of a HTML file. Opening it up, reveals that there is a table present. There were various cells present with nearly-same background color. Original file link here - glasses.tar.gz. A sample from the original HTML file. <td style="width: 7.75757575757576px; background-color: rgb(255, 255, 255);"></td> <td style="width: 7.75757575757576px; background-color: rgb(255, 255, 255);"></td> <td style="width: 7.75757575757576px; background-color: rgb(255, 255, 254);"></td> <td style="width: 7.75757575757576px; background-color: rgb(255, 255, 254);"></td> <td style="width: 7.

This was a easy one. We are required to find the flag in this image. This is the original image. Running file, shows nothing suspicious. stego_50.jpg: JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 430x425, frames 3 Running a binwalk, we can see that there is a ZIP archive appended to the end of the JPEG image. DECIMAL HEXADECIMAL DESCRIPTION ——————————————————————————– 0 0x0 JPEG image data, JFIF standard 1.