picoCTF writeup Forensics

警告
本文最后更新于 2023-01-29,文中内容可能已过时。

Enhance!是一个svg文件

用cat打印 flag在文件尾

picoCTF{3nh4nc3d_6ae42bba}

Lookey here

txt文件 打开搜索picoCTF即可

picoCTF{gr3p_15_@w3s0m3_c91a291d}

Packets Primer

流量包分析

翻一翻就有

picoCTF{p4ck37_5h4rk_2edd7e58}

Redaction gone wrong

一部分被涂黑的pdf

全选复制粘贴即可

picoCTF{C4n_Y0u_S33_m3_fully}

Eavesdrop

流量包分析

分析tcp流能得到一段对话

Hey, how do you decrypt this file again?
You're serious?
Yeah, I'm serious
*sigh* openssl des3 -d -salt -in file.des3 -out file.txt -k supersecretpassword123
Ok, great, thanks.
Let's use Discord next time, it's more secure.
C'mon, no one knows we use this program like this!
Whatever.
Hey.
Yeah?
Could you transfer the file to me again?
Oh great. Ok, over 9002?
Yeah, listening.
Sent it
Got it.
You're unbelievable

根据对话将9002端口传输的salt开头的数据保存为文件

然后在linux里面用openssl解出来文件

picoCTF{nc_73115_411_91361db5}

St3g0

一个png 用zsteg一扫就出了

picoCTF{7h3r3_15_n0_5p00n_4706df81}

0%