Extract the contents of the zip file and identify the hidden flag.
Phase 1: Initial Triage
If the flag appears as a string of random characters (e.g., ZmxhZ3tnMDBkX2pvYn0=), it is likely Base64 encoded. Use a decoder to reveal the cleartext.
Conclusion
File: spookytimes_2-pc.zip ...
Run strings on the binary files or images to look for human-readable text:
strings image_name.png | grep "flag{"
Extract the files. If prompted for a password, common CTF passwords like "infected", "password", or "spooky" may be required, or the password might be found in a related challenge description.
Phase 2: Analysis
If the zip contains nested layers (a zip within a zip), you may need to script a solution to recursively unzip the files until you reach the final payload.
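One way to script the nested-layer case, as an added example that is not part of the original write-up: it unwraps zip-in-zip layers in memory, with caps on depth and member size so a hostile archive cannot run away, then Base64-decodes the final payload. The sample archive, the function names and the MAX_DEPTH and MAX_BYTES limits are constructed assumptions.

```python
import base64
import io
import zipfile

MAX_DEPTH = 64           # assumed cap on nesting depth
MAX_BYTES = 50 * 2**20   # assumed cap on one member's declared uncompressed size

def unwrap(data, pwd=None, depth=0):
    """Return {path: bytes} for every non-archive file inside nested zip bytes."""
    if depth > MAX_DEPTH:
        raise ValueError("archive nesting exceeds MAX_DEPTH")
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_BYTES:
                raise ValueError(f"{info.filename}: member exceeds MAX_BYTES")
            # pwd is bytes or None; the member stays in memory, nothing hits disk
            blob = zf.read(info, pwd=pwd)
            if zipfile.is_zipfile(io.BytesIO(blob)):
                for name, content in unwrap(blob, pwd, depth + 1).items():
                    found[f"{info.filename}/{name}"] = content
            else:
                found[info.filename] = blob
    return found

def decode_flag(blob):
    """Base64-decode a payload when it is valid Base64, else return it unchanged."""
    try:
        return base64.b64decode(blob.strip(), validate=True)
    except ValueError:
        return blob

def build_sample(layers=5):
    """Constructed sample: the page's Base64 string wrapped in nested archives."""
    name, blob = "flag.txt", b"ZmxhZ3tnMDBkX2pvYn0="
    for i in range(layers):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(name, blob)
        name, blob = f"layer{i}.zip", buf.getvalue()
    return blob

if __name__ == "__main__":
    for path, blob in unwrap(build_sample()).items():
        print(path, "->", decode_flag(blob).decode())
```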
If images are present, they may contain hidden data. Tools like StegSolve (to check color planes) or steghide (for hidden embedded files) are commonly used.
Phase 3: Solving for the Flag
Start by running the file command to confirm the file type:
file spookytimes_2-pc.zip
© Copyright 2017 Trần Bá Đạt Blog. Hosted by Vultr.