encryptCTF2019 — Forensics Writeup

(image caption: 2nd board wipe of the year ❤)

It’s a WrEP

(screenshots of the WEP crack; captions: "be sure to specify the correct index number", "cracked")

Wi Will H4CK YOU!!

WPA
3375a889fae19f9e9578414e4b88f320:14cc20f532fe:a85c2c380c59:encryptCTF:ThanckYou

Get Schwifty

Journey to the Center of the File 1

  1. legit method (scripting)
  2. joke method (cheesing)

Scripting Method

Please see the initial observations below:

  1. Extracting the .gz file using gzip -d will give us ziptunnel1, which is a .zip file.

Here is zipmole.sh, which peels the gzip and zip layers in turn until neither name is left:

#!/bin/bash
# made with <3 by mon from hackstreetboys
mkdir -p staging
cp ziptunnel1.gz staging/
cd staging || exit 1
for i in {1..1000}
do
  if [ -f ziptunnel1.gz ]
  then
    # gzip layer: peel it to get ziptunnel1, a zip
    gzip -df ziptunnel1.gz
  elif [ -f ziptunnel1 ]
  then
    # zip layer: extract it (yields the next ziptunnel1.gz), then drop the zip
    unzip -o ziptunnel1 > /dev/null
    rm ziptunnel1 > /dev/null 2>&1
  else
    # neither name exists any more: the innermost file has been reached
    break
  fi
done

Cheese Method

So you wanna learn how to cheese challenges like these, eh? You’ve come to the right blog. Open the file in FTK:

(screenshots of FTK expanding the nested archive; captions: "wait for it", "done")

Journey to the Center of the File 2

  1. Extracting ziptunnel2 will give us flag , a gz file.
  2. Extracting flag (after renaming it to flag.gz) will give us flag, a zip file.
  3. Extracting flag (the zip file) will give us flag, another gz file
  4. Extracting flag (after renaming it to flag.gz) will give us flag, a zip file.
  5. Extracting flag (the zip file) will give us flag, a bzip2 file
  6. Extracting flag (the bzip2 file) will give us flag.out , a zip file
  7. Extracting flag.out will take us back to step 2.

Legit Method

With the above steps in mind, let’s upgrade zipmole.sh to zipmole2.py. Yep, I used python for this:

import gzip
import bz2
import zipfile
import io

while True:
    with open("flag", "rb") as f:
        data = f.read()
    try:
        # if zip, unzip it (from memory, so overwriting "flag" on disk is safe)
        with zipfile.ZipFile(io.BytesIO(data)) as zip_file:
            zip_file.extractall()
        continue
    except zipfile.BadZipFile:
        pass
    try:
        # if bzip2
        result = bz2.decompress(data)
    except OSError:
        try:
            # if gzip
            result = gzip.decompress(data)
        except OSError:
            # not zip, bzip2 or gzip: this is the innermost file
            print(data)
            break
    with open("flag", "wb") as f:
        f.write(result)

Noob Method

Alright, for this noob method we’ll just blindly follow the steps above.

#!/bin/bash
while :
do
  # steps 2-3: gzip layer, then zip layer
  mv flag flag.gz
  gzip -df flag.gz
  unzip -o flag
  # steps 4-5: gzip layer, then zip layer again
  mv flag flag.gz
  gzip -df flag.gz
  unzip -o flag
  # step 6: bzip2 layer (no .bz2 suffix, so bzip2 writes flag.out)
  bzip2 -d flag
  # step 7: flag.out is a zip holding the next flag
  unzip flag.out
  rm -rf flag.out
done
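Both zipmole scripts above guess each layer by file name or by trial and error. The added example below (my code, not from the original writeup) instead identifies each layer by its magic bytes, unwraps everything in memory, and caps depth and size so a malicious nested archive cannot exhaust memory; the sample input is constructed in the code, not the CTF file.

```python
import bz2
import gzip
import io
import zipfile

# Magic bytes of the three container types seen in ziptunnel1/ziptunnel2.
MAGIC = {b"\x1f\x8b": "gzip", b"BZh": "bzip2", b"PK\x03\x04": "zip"}


def peel_one(data):
    """Identify the outer layer by magic bytes and strip it in memory.
    Returns (kind, inner_bytes), or (None, data) if it is not a container."""
    kind = next((k for m, k in MAGIC.items() if data.startswith(m)), None)
    if kind == "gzip":
        return kind, gzip.decompress(data)
    if kind == "bzip2":
        return kind, bz2.decompress(data)
    if kind == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if len(names) != 1:
                raise ValueError("expected one member, found %r" % names)
            return kind, zf.read(names[0])
    return None, data


def peel(data, max_layers=10000, max_size=16 * 1024 * 1024):
    """Unwrap every nested layer; returns (list of layer kinds, payload).
    Depth and size caps stop a decompression bomb from exhausting memory."""
    layers = []
    while len(layers) < max_layers:
        kind, inner = peel_one(data)
        if kind is None:
            return layers, data
        if len(inner) > max_size:
            raise ValueError("layer expanded past max_size")
        layers.append(kind)
        data = inner
    raise ValueError("too many layers")


def build_sample():
    """Constructed input, not the CTF file: bzip2(zip(gzip(payload)))."""
    payload = b"encryptCTF{constructed_sample_flag}"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("flag", gzip.compress(payload))
    return bz2.compress(buf.getvalue())
```

Running peel(build_sample()) returns the layer order ["bzip2", "zip", "gzip"] together with the payload, and the same function works unchanged on a real ziptunnel file read as bytes.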

Conclusion

All in all these challenges were fun! Although I was expecting more forensics challenges for this CTF, solving them was a good refresher on some basics of the digital forensics field.
