This was a forensics challenge. We get a zip file named ziper.zip. Trying to extract it, we are greeted with an error message. unzip zipper.zip Archive: zipper.zip warning: filename too long–truncating. : bad extra field length (central) So, there is something wrong with the filename length. Possibly in the central headers. A quick readup on how ZIP files are constructed from ForensicsWiki and Structure of PKZip File helped a lot in solving this particular challenge.

This challenge is part of IceCTF - a wonderful jeopardy style CTF event organized by the Reykjavík University for a span of 15 long days. Had a very good experience of participating in a good CTF after a long time. I will be posting writeups on some of the interesting challenges, I came across. Here is the challenge file - dear_diary with md5sum : 45ecfd320d3b8236d3adece3041edb0f Running file on dear_diary shows

This was a easy one. We are required to find the flag in this image. This is the original image. Running file, shows nothing suspicious. stego_50.jpg: JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 430x425, frames 3 Running a binwalk, we can see that there is a ZIP archive appended to the end of the JPEG image. DECIMAL HEXADECIMAL DESCRIPTION ——————————————————————————– 0 0x0 JPEG image data, JFIF standard 1.

Here is our original picture. It is a picture of Emma Watson in an event. We are to extract the flag from this image.  I checked for common anomalies in the picture but, couldn’t find any. No extra information in the metadata or the blob content of the image. Then I suspected if it is LSB steganography and checked for it too. But, there could be no meaningful data extracted from the LSB bits.

I could not participate in GiS CTF which was conducted around 10 days back. But, the one good thing about these people is that they always have an archive of all their past events. This is a 150 point Crypto challenge named as Knockers. Here is the question. Dude, here’s a knocker token that will let you access my service on port 80. One day I will let you see my cool stuff on port 7175.