Ctf-i Spring Net Ding Cup first misc part writeup

Ctf-i Spring Net Ding Cup first misc part writeup

Recently, because of the job registration of the net Tripod Cup, was abused a few days later know oneself or too young! Share your own experience in solving problems.

Minified

Topic:

A picture of a flower screen, PNG, old method, first look at the properties

There's nothing.

Throw it in the WINHEXV and see.

The header file is normal, it is PNG, and trying to search the flag keyword has not been harvested.

Keep throwing it into the Kali and analyze it with Binwalk.

And I didn't find anything unusual.

Would it be highly steganography, directly in the Kali double hit open png picture, found that can open normally ( Note: The modified height of the picture cannot be opened directly in the Kali, will show that the image cannot be loaded )

That continues to analyze the Idat block, Idat is a PNG image of the image of the data stored in the block, it is unclear to add to the PNG image format knowledge

We use Pngcheck to analyze idat blocks of images

Well, there's no exception.

Finally, get stegsolve and run.

Click the right arrow to find red plane 0 incredibly empty, it should be and huaping the same picture actually all black, there must be a problem, and the other 0 channels are content

Click Analyse-data Extract to view the picture channel

Select 0 Channel Discovery Playload is an LSB steganography

Save the 0 channels of Alpha,green and blue separately for different or processing

The flag is found in the comparison between Alpha and Green as shown;

Clip

Open the topic found to be the. disk file, which should be a Linux disk file

But the title of the frequency is damaged, it must not go to Kali test, then analyze the file it

Open with WINHEXV.

Well, don't know what it is, keep looking down and find the hex data that is not the same as above! There may be something inside.

The file header of PNG was found in line 196,280th of Winhex ( Note: PNG 16 header starts with 89504E47 )

There is also a PNG image of IHDR

Cut out and add PNG header

Get two photos

Picture 1:

Picture 2:

PS Stitching of two images to get flag

original article, please indicate the source: