
Wani CTF 2024 - All Forensic Write Up

Authors
  • Serikat Newbie Indonesia

  • Author: k.eii
  • 6/6 Solved

for-tiny

Given an ISO file, just mount it.

for-surveillance-of-sus

Given a .bin cache file. Examining it with HxD showed that it was an RDP BMP file (RDP BMP Cache File), so I used bmc-tools to parse it (https://github.com/ANSSI-FR/bmc-tools/).

Given a memory dump file, analyzed using Volatility3. I tried many plugins and hit a dead end, but then I looked at the users' files using filescan and found a malicious file. I examined the file and noticed it was a PowerShell script that does something on the PC.

for-tiny-10px

Given a JPG file with a size of 10x10 pixels. I tried to extract the colors from it but found nothing, so I tried doing something with its size chunk (https://cyberhacktics.com/hiding-information-by-changing-an-images-height/).

Flag{b1g_en0ugh} -> I guessed it and it was correct

for-codebreaker

Just some regular QR fixing.

for-streamer

Given a pcap file, I noticed it contains RTP packets (https://en.wikipedia.org/wiki/Real-time_Transport_Protocol). RTP packets are used to transfer the data when streaming, so we need to extract the video (the description said it uses H264 encoding).

The H264 RTP payload type is 96, so I set it (https://stackoverflow.com/questions/26164442/decoding-rtp-payload-as-h264-using-wireshark).

Using the h264 extractor plugin, I could extract it (https://github.com/volvet/h264extractor/tree/master). The video stream is on UDP port 59974. The other one is the audio stream.
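
What the extraction step does to the payload type 96 packets, as an added Python example (not the h264extractor plugin's code and not from the original write-up): it rebuilds an Annex B H.264 byte stream from RTP payloads following RFC 6184, and goes slightly beyond the write-up by also handling STAP-A aggregation. The `_rtp` helper and `SAMPLE` packets are constructed for illustration; real input would be the UDP payloads of the video stream.

```python
import struct

START_CODE = b"\x00\x00\x00\x01"  # Annex B delimiter placed before each NAL unit

def rtp_payload(packet, want_pt=96):
    """Return (seq, payload) for a version-2 RTP packet of the wanted type, else None."""
    if len(packet) < 12 or packet[0] >> 6 != 2 or packet[1] & 0x7F != want_pt:
        return None
    seq = struct.unpack("!H", packet[2:4])[0]
    offset = 12 + 4 * (packet[0] & 0x0F)              # fixed header + CSRC list
    if packet[0] & 0x10:                              # header extension present
        if len(packet) < offset + 4:
            return None
        offset += 4 + 4 * struct.unpack("!H", packet[offset + 2:offset + 4])[0]
    end = len(packet) - (packet[-1] if packet[0] & 0x20 else 0)  # drop padding
    return (seq, packet[offset:end]) if end > offset else None

def depacketize(packets, want_pt=96):
    """Rebuild an Annex B H.264 stream from RTP packets (RFC 6184)."""
    out, fragment = bytearray(), None
    parsed = filter(None, (rtp_payload(p, want_pt) for p in packets))
    # Reorder by sequence number; 16-bit wrap-around and loss are not handled here.
    for _, payload in sorted(parsed, key=lambda sp: sp[0]):
        nal_type = payload[0] & 0x1F
        if 1 <= nal_type <= 23:                       # single NAL unit packet
            out += START_CODE + payload
        elif nal_type == 24:                          # STAP-A: length-prefixed NALs
            pos = 1
            while pos + 2 <= len(payload):
                size = struct.unpack("!H", payload[pos:pos + 2])[0]
                out += START_CODE + payload[pos + 2:pos + 2 + size]
                pos += 2 + size
        elif nal_type == 28 and len(payload) >= 2:    # FU-A: one NAL split over packets
            if payload[1] & 0x80:                     # start bit: rebuild NAL header byte
                fragment = bytearray([(payload[0] & 0xE0) | (payload[1] & 0x1F)])
            if fragment is not None:
                fragment += payload[2:]
                if payload[1] & 0x40:                 # end bit: NAL unit is complete
                    out += START_CODE + fragment
                    fragment = None
    return bytes(out)

def _rtp(seq, payload, pt=96):                        # hypothetical helper for the sample
    return struct.pack("!BBHII", 0x80, pt, seq, 0, 0x1234) + payload

SAMPLE = [                                            # constructed, delivered out of order
    _rtp(1, bytes([0x67, 0x42, 0x00])),               # SPS as a single NAL unit
    _rtp(3, bytes([0x7C, 0x45, 0xBB])),               # FU-A end fragment of an IDR slice
    _rtp(7, bytes([0x01, 0x02]), pt=97),              # other payload type, ignored
    _rtp(2, bytes([0x7C, 0x85, 0xAA])),               # FU-A start fragment
]
```

Writing the bytes returned by `depacketize` to a `.264` file gives a raw stream that a player able to read Annex B H.264 can open.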