PicoCTF 2023 - hideme (Forensics 100 Points)
This is a walkthrough of the easy hideme challenge, which requires knowledge of file headers and magic numbers.
Challenge
Solution
After downloading the file in question, an innocent-looking flag.png that contains the familiar PicoCTF logo, we open it in HxD (a freeware hex editor).
Near the end of the file, we see something interesting. With experience, we know that this image is also a zip archive: the magic string PK is a telltale sign of one.
Furthermore, we can see that it contains another flag.png in a secret folder. We can use binwalk or some other tool to extract it but, being lazy, we simply open flag.png using 7zip.
And we have the flag in the image (flag text is censored).
There we go, an easy forensics challenge.