Skip to content

Latest commit

 

History

History

wani-ctf-2024

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 

WaniCTF 2024 - All Forensic Write Up

  • Author: k.eii
  • 6/6 Solved

for-tiny

image Given an iso file, just mount it.

for-surveillance-of-sus

Given .bin cache file. Upon examining with HxD, found out that it was a RDP BMP file (RDP BMP Cache File). So i use bmc-tools to parse it (https://github.com/ANSSI-FR/bmc-tools/) image

for-mem-search

Given a memory dump file. Analyze it using Volatility3. I try so many plugins and have a dead end. But i try to look at the users file using filescan and found out malicious file. image I examine the file and notice it was a poweshell script that do something on the pc image image

for-tiny-10px

Given jpg file with 10x10 pixel size, i try to extract the colors from it but found nothing so i try to do something with it size chunk (https://cyberhacktics.com/hiding-information-by-changing-an-images-height/) image

Flag{b1g_en0ugh} -> i guess it and it was correct

For-codebreaker

Just some regular qr fixing image image

for-streamer

Given pcap file. And notice it contains RTP Packets. (https://en.wikipedia.org/wiki/Real-time_Transport_Protocol) image RTP Packets is used to do transfer file when streaming. So we need to extract the video (the description said it use H264 encoding).

H264 RTP Payload type is 96, so i set it (https://stackoverflow.com/questions/26164442/decoding-rtp-payload-as-h264-using-wireshark) image

Using h264 extractor plugin, i can extract it (https://github.com/volvet/h264extractor/tree/master). The video stream is at udp port 59974. The other one is audio stream. image image