Naughty Cat CTF Writeup

CTFlearn - Naughty Cat Challenge Solution

Feb 10, 2022

Home

CTFlearn

Naughty Cat Writeup

  • Category: Forensics
  • Points: 50
  • level: Medium

Challenge

Think the flag is somewhere in there. Would you help me find it? https://ctflearn.com/challenge/download/890

Solution

The solution is fairly lenghty. First we use binwalk to detect the hidden files

binwalk cut3_c4t.png

Screenshot

we get some file here, now lets extract those files

binwalk --dd='.*' cut3_c4t.png

Screenshot

we get 3 files here, lets detect these file types using file

file *

SS

we see here a rar file, let extract it...

unrar x 28E4B

Screenshot

here we got two more files, so we use file on these

file y0u_4r3_cl0s3.rar purrr_2.mp3

Screenshot we can see here that the rar file is only showing as data which means it is corrupted.

When we see it's hex value in hexedit we see that the hex header is wrong and then we change it to its correct value that is 52 61 72 21 1A 07 01 00

hexedit y0u_4r3_cl0s3.rar

Screenshot Screenshot

now after using files we see that the rar file is showing correctly, so we try extracting it .....

Screenshot

But now it start asking for password. To find the password we use audio visualizer on 'purrr_2.mp3' in spectogram mode. I used audacity which got us the password sp3ctrum_1s_y0ur_fr13nd

Screenshot

unrar x y0u_4r3_cl0s3.rar

using password sp3ctrum_1s_y0ur_fr13nd

SS

here we get a file f1n4lly.txt. Now we cat the filewhich give us some encrypted text.

cat f1n4lly.txt

Screenshot

ZjByM241MWNzX21hNXQzcg==

Here we notice that the encrypted text have two equalto(=) signs at the end so we try decrypting it with base64 online.

https://www.base64decode.org/

after decypting we get the flag as

FLAG

f0r3n51cs_ma5t3r

Back
IPFS Nodes Setup
RSS