SMP CTF-2024 Comment Your Amount - Digital Forensics

0xodinx

SMP CTF-2024 Comment Your Amount - Digital Forensics challenge Writeup.... 


Category: Digital Forensics 


Hint: Comment your Amount 


Attach File: [password.zip] , [flag.zip]
 


Solutions :-


Step 1 :- 


I unzipped both files. However, flag.zip required a password, and the password.bmp image did not open.


Step 2 :- 


I opened password.bmp in an online hex editor using hexed[.]it .


online hex editor using hexed[.]it

 


It seems the file's header signature is corrupted. So, I found the actual header signature of a BMP image file and compared it with the corrupted one.


BMP image file and compared it with the corrupted one



The BMP file header is missing. A valid BMP file starts with 'BM' (hex value: 42 4D). I edited the header of my password.bmp file, replaced it with these hex values, and created a new password1.bmp file.

 

Step 3 :- 


I opened password1.bmp, and it displayed the image below.

 

opened password1.bmp, and it displayed the image


The image provided a hint to unzip [flag.zip] using the password {Us3_M3_To_D3cod3}.




we retrieved the flag and the flag is ....



And we retrieved the flag: [SMP{It's_3457_1sn'T_1T}].


0 Comments