- Author: k.eii
- 6/6 Solved
Given an ISO file, just mount it.
Given a .bin cache file. Upon examining it with HxD, I found out that it was an RDP BMP file (RDP BMP cache file). So I used bmc-tools to parse it (https://github.com/ANSSI-FR/bmc-tools/)
Given a memory dump file. Analyze it using Volatility3. I tried many plugins and hit a dead end. But I looked at the users' files using filescan and found a malicious file. I examined the file and noticed it was a PowerShell script that does something on the PC.
Given a jpg file with a 10x10 pixel size, I tried to extract the colors from it but found nothing, so I tried to do something with its size chunk (https://cyberhacktics.com/hiding-information-by-changing-an-images-height/)
Flag{b1g_en0ugh}
-> I guessed it and it was correct
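The size trick from the linked article, as an added example that is not part of the original writeup: it walks the JPEG segments to the SOF header, reads the declared dimensions, and rewrites the height so a viewer decodes any rows the header was hiding. The sample bytes are a constructed marker skeleton (not a decodable image), and the function names and the new height of 40 are assumptions for illustration.

```python
import struct

# SOF0..SOF15 hold the frame size; C4 (DHT), C8 (JPG) and CC (DAC) are not SOF.
SOF_MARKERS = set(range(0xC0, 0xD0)) - {0xC4, 0xC8, 0xCC}
# Markers without a length field: TEM, RST0-7, SOI, EOI.
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))

def find_sof(data: bytes) -> int:
    """Return the offset of the 0xFF byte of the first SOFn marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte before a marker
            pos += 1
            continue
        if marker in STANDALONE:
            pos += 2
            continue
        if marker in SOF_MARKERS:
            return pos
        if marker == 0xDA:            # SOS: scan data starts, stop looking
            break
        (seg_len,) = struct.unpack(">H", data[pos + 2:pos + 4])
        pos += 2 + seg_len            # length counts its own two bytes
    raise ValueError("no SOF segment found")

def get_size(data: bytes) -> tuple:
    # SOF layout: FF Cn | length(2) | precision(1) | height(2) | width(2) | ...
    off = find_sof(data)
    height, width = struct.unpack(">HH", data[off + 5:off + 9])
    return width, height

def set_height(data: bytes, new_height: int) -> bytes:
    """Return a copy with only the two height bytes in the SOF changed."""
    off = find_sof(data)
    return data[:off + 5] + struct.pack(">H", new_height) + data[off + 7:]

# Constructed sample: SOI, JFIF APP0, SOF0 declaring 10x10, EOI.
SAMPLE = (
    b"\xff\xd8"
    + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    + b"\xff\xc0\x00\x0b\x08\x00\x0a\x00\x0a\x01\x01\x11\x00"
    + b"\xff\xd9"
)
```

On a real file, read the bytes from disk, call `set_height` with a larger value, write the result to a new file and open it in an image viewer.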
Given a pcap file, I noticed it contains RTP packets (https://en.wikipedia.org/wiki/Real-time_Transport_Protocol). RTP packets are used to transfer the file when streaming. So we need to extract the video (the description said it uses H264 encoding).
The H264 RTP payload type is 96, so I set it (https://stackoverflow.com/questions/26164442/decoding-rtp-payload-as-h264-using-wireshark)
Using the h264 extractor plugin, I can extract it (https://github.com/volvet/h264extractor/tree/master). The video stream is at UDP port 59974. The other one is the audio stream.