Preface
I did a few misc questions last week, now let’s summarize them.
1. Look at the picture properties
"When you get the question, remember to look at the attributes of the picture first, sometimes clues will be hidden in it!" This sentence is a reminder for us to make a question, then let's take a look at the attributes of this picture to see if there is us The desired flag.
We drag this picture to the desktop, and then click the properties of the right mouse button, and then we will see the relevant information about this picture. Then we clicked on the detailed information in the third column, hehe, what did we find? Yes, isn't the information in the remarks the flag we want!
2. Modify the picture width or height
The title has told us to modify the width or height of the picture, then we let the picture open in winhex, and then modify the width or height to be OK.
We can see that the height of this picture seems incomplete, so we can modify the height in winhex. You can see that the shaded part I marked in the picture actually represents the width and height of the picture, and the first half of it is 0000045F Represents the width of the picture, the second half of 00000200 represents the height of the picture, we need to modify the high part 00000200 to be the same as the width of the picture 0000045F. After the modification, the marked shadow part becomes 0000045F0000045F, and then We press ctrl+s to save the picture.
After the picture is saved, we reopen the picture, take a look, and then we will find that the flag is hidden in the restored picture, and finally we submit the flag hidden in the picture and it is OK.
3.SL is hidden in bytes
Similarly, this question gave us a prompt message: "winhex/010 ediot tool must learn to use, the format of this question is SL{}". So we open the picture directly with winhex (no more pictures here, just open the picture in winhex). The title tells us that the answer format is SL{}, then we can press ctrl+f to search for SL, and then the part marked in the figure after searching is the answer.
4. Supplement the head
Seeing this question, we should think that this question is to change the file header, the image format for this question is png, and then put the image in winhex.
We move the mouse cursor to the forefront of the first line and click the right button, and then see that there is an edit. After we click on the edit, click the "Paste 0 bytes". The default byte number is 4, and then we add a header to the file 89504E47, and then save the picture, you can see the flag in the saved picture.
Attach a picture of the format of the header and the end of the commonly changed file.
5. Sign-in questions
The tip of this question is not to think too much, it is just a check-in question, so we also put it in winhex for analysis, and then we pulled it to the end and found that the lines I marked looked a bit suspicious , So we use the ascll code converter to decode it, hehe, yes, after decoding, we got the flag.
6.LSB
"Simple LSB steganography, hiding information in the least significant bit. You can use Stegsolve to extract it." Wow, this question has another obvious hint. So we opened the picture in Stegsolve (we will not put the picture here) for analysis. Open Stegsolve and click the second item Data Extract in Analyse. Then we select the 0 channel of the last three columns. After selecting, click Preview to display the least significant bit hidden information, and then we see the flag.
to sum up
After completing the questions, you must summarize and check the missing parts.