Table of contents
Addition of picture information
Addition of picture information
misc5
There is nothing after opening
Open with a hex editor, at the bottom
misc6
also open nothing
Open with a hex editor, in the middle
misc7
Open it with a hexadecimal editor, the flag is at the bottom
misc8
Open the png image with a hexadecimal editor without flag. Thinking about whether to embed pictures? png image file end: 00 00 00 00 49 45 4E 44 AE 42 60 82. So you can search for the hexadecimal. Reference: https://www.yuque.com/chenchen-dqalz/ze0ngw/hgu6f17uotvlvdqz
It is found that there are two end-of-file characters, normally one end-of-file character, so there should be two pictures here
Separation of pictures, here using binwalk can not be successfully separated! Use the foremost to separate two pictures, and there is a flag in one picture
foremost images
misc9
Open the hexadecimal system and search for ctf to see the flag
misc10
Binwalk analysis found that there are multiple files
separate files
misc11
Hint: the flag is in another picture.
Open with tweakpng (TweakPNG is a utility for inspecting and modifying PNG image files), delete the first IDAT block, press f7 image preview found flag
misc12
Hint: the flag is in another picture.
After testing, use tweakpng to delete the first 8 IDATs
misc13
Tip: The flag position is at the end of the picture.
010Editor opened, and found that there are two ctf string words, and a noise character is inserted between the strings. The test found that the above is correct
every other character
s = "ct¹f…s†hªoKw°{!aeS6¥eT34exa%4Ý8ïf«51•8b‚7ºeE4|2Td~7:däeñ6úfõ412fT8ñ329éal}"
print(s[::2]) #每隔一个字符输出
misc14
Hint: the flag is in that picture.
Using binwalk analysis, it is found that there are two pictures, but using binwalk and foremost cannot be directly separated
Use 010editor to open, search for the jpg file header logo FF DB, select the one with 837, then copy the hexadecimal data to the end, and save it as jpg
misc15
A bmp file, open with flag
misc16
Tip: The flag is in the image data.
binwalk -e to separate, then cat DD4 to view the flag
misc17
Tip: The flag is in the image data.
Other methods failed, use zsteg to extract data, then use binwalk to separate, and finally get a png that is the flag
zsteg -e extradata:0 misc17.png > 1.txt
binwalk -e 1.txt --run-as=root
Get a picture and get the flag
misc18
Tip: The flag is in the title, author, camera and lens model.
Right-click the attribute, splicing the values of each field to get the flag
misc19
Hint: the flag is in the file name on the host. View exif information directly using the website: EXIF Information Viewer
misc20
Hint: the flag is in the comments.
EXIF information viewer , view
ctfshow{c97964b1aecf06e1d79c21ddad593e42}
misc 21
Tip: the flag is in the serial number
Check the website, and found a number in the serial number, which is obviously not in the flag format, first convert the hexadecimal to a string to see
Get: hex(X&Ys)
According to the meaning, try to convert the above x and y from decimal to hexadecimal
Separately to hexadecimal conversion - online tool , and then stitching
3902939465 2371618619 1082452817 2980145261
ctfshow{e8a221498d5c073b4084eb51b1a1686d}
misc22
Tip: the flag is in the picture
Here is the way of thumbnail steganography, called thumbnail steganography. Open it with Magicexif , you can directly see the flag in yellow font on the thumbnail.
Zoom in after screenshot
ctfshow{dbf7d3f84b0125e833dfd3c80820a129}
misc23
Hint: flag is in time.
Opens as a .psd file, which is an image file created by Adobe Photoshop.
Use exiftool to view the exift data of pictures
ExifTool is an open source software for reading, writing and processing the metadata (metadata) of files such as images (mainly), audio and video, and PDF.
Exif is an Exchangeable image file format (Exchangeable image file format), which is a standard that defines information related to images (or other media) captured by digital cameras and is used to store important data, such as camera exposure, shooting date And time, even GPS positioning, etc. In the early days, photographers needed to carry a notebook with them to record important information such as date, shutter speed, aperture, etc., which was cumbersome and error-prone. Nowadays, every digital camera supports Exif, which can record many parameters during shooting into photos through this format (Exif). The extra data in these photos (or other types of files) is called metadata. It consists of a series of parameters such as shutter speed, aperture, white balance, camera make and model, lens, focal length, and more. Exif information may cause privacy leaks (camera model, location, etc.). In social engineering, Exif is also a means of obtaining target information, so it is recommended to clean up Exif data before uploading photos to the Internet.
exiftool misc23.psd
There are many times to see the History When item:
1997/09/22 02:17:02
2055/07/15 12:14:48
2038/05/05 16:50:45
1984/08/03 18:41:46
Convert these times to timestamp Timestamp (Unix timestamp) Conversion Tool - Online Tool .
Get the following decimal system, and convert it to hexadecimal system and then splicing
874865822 2699237688 2156662245 460377706
ctfshow{3425649ea0e31938808c0de51b70ce6a}
misc41
The F001 indicated in the first sentence is the breakthrough point. There are a large number of F001 in this position, which seems to form a certain shape.
Search F001 to see the style of ctf, watch it with naked eyes and extract them one by one.
ctfshow{fcbd427caf4a52f1147ab44346cd1cdd}