Description
There is a suspicion that one of the data center agents is concealing part of the information. Find out what kind of data the Agent is hiding.
h4ck1t{}
Solution
The ZIP archive attached to the challenge contains a ./Docs directory that holds several files and directories. First, I looked at all the files to get some idea of what was interesting and what was not:
```
root@kali:~/h4ck1tctf/Brazil/solve/Docs# ls -aR
.:
.
..
1342116275_006.jpg
1361191423_97e1040f8c75.jpg
1409560635-3a78363c4eb9dc3a7719e6c075b46607.png
193765_original.jpg
625.jpg
7906.pdf
cyber-attacks.doc
desktop.ini
Thumbs.db
Thumbs.db:encryptable:$DATA
Мои рисунки
Моя музыка

./Мои рисунки:
.
..
Desktop.ini
Образцы рисунков.lnk

./Моя музыка:
.
..
Desktop.ini
Образцы музыки.lnk
```
The Thumbs.db file immediately got my attention: it is the Windows thumbnail cache, and it keeps entries for images that once existed in a folder even if those files have since been deleted. As the Thumbs.db file contains both human-readable and binary content, I chose to do a hexdump instead of a simple cat:
```
root@kali:~/hackctf/Brazil/solve/Docs# hexdump -C Thumbs.db
000056f0  36 00 36 00 30 00 37 00  2e 00 70 00 6e 00 67 00  |6.6.0.7...p.n.g.|
00005700  00 00 00 00 22 00 00 00  04 00 00 00 00 5b 39 0e  |...."........[9.|
00005710  35 13 d2 01 36 00 32 00  35 00 2e 00 6a 00 70 00  |5...6.2.5...j.p.|
00005720  67 00 00 00 00 00 3a 00  00 00 05 00 00 00 00 bd  |g.....:.........|
00005730  4a 40 35 13 d2 01 31 00  39 00 33 00 37 00 36 00  |J@5...1.9.3.7.6.|
00005740  35 00 5f 00 6f 00 72 00  69 00 67 00 69 00 6e 00  |5._.o.r.i.g.i.n.|
00005750  61 00 6c 00 2e 00 6a 00  70 00 67 00 00 00 00 00  |a.l...j.p.g.....|
00005760  6c 00 00 00 06 00 00 00  00 39 a0 59 36 13 d2 01  |l........9.Y6...|
00005770  68 00 34 00 63 00 6b 00  31 00 74 00 7b 00 37 00  |h.4.c.k.1.t.{.7.|
00005780  35 00 39 00 34 00 33 00  61 00 33 00 63 00 61 00  |5.9.4.3.a.3.c.a.|
00005790  32 00 32 00 32 00 33 00  30 00 37 00 36 00 65 00  |2.2.2.3.0.7.6.e.|
000057a0  39 00 39 00 37 00 66 00  65 00 33 00 30 00 65 00  |9.9.7.f.e.3.0.e.|
000057b0  31 00 37 00 35 00 39 00  37 00 64 00 34 00 7d 00  |1.7.5.9.7.d.4.}.|
000057c0  2e 00 6a 00 70 00 67 00  00 00 00 00 00 00 00 00  |..j.p.g.........|
000057d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00005800
```
The output was much longer; the lines above are its last part. Interestingly, our flag is there, stored as the UTF-16 name of a cached .jpg entry that no longer exists in the directory!
As shown in the above hexdump, the flag for this challenge is h4ck1t{75943a3ca2223076e997fe30e17597d4}.
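The same finding can be made systematically by parsing the catalog records visible in the hexdump and comparing their names with the directory listing. The following is an added example, not part of the original writeup; the record layout (4-byte length, 4-byte thumbnail number, 8-byte FILETIME, UTF-16LE name, 4 zero bytes) is an assumption inferred from the bytes shown above, and the helper names are hypothetical.

```python
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def rec(header_hex, name):
    # 16 header bytes copied from the hexdump + UTF-16LE name + 4 zero bytes
    return bytes.fromhex(header_hex) + name.encode("utf-16-le") + b"\x00" * 4

# Sample input rebuilt from the hexdump excerpt (offsets 0x5704-0x57cb).
SAMPLE = (
    rec("22000000 04000000 005b390e3513d201", "625.jpg")
    + rec("3a000000 05000000 00bd4a403513d201", "193765_original.jpg")
    + rec("6c000000 06000000 0039a0593613d201",
          "h4ck1t{75943a3ca2223076e997fe30e17597d4}.jpg")
)

# Image names taken from the `ls -aR` listing of ./Docs.
ON_DISK = {
    "1342116275_006.jpg", "1361191423_97e1040f8c75.jpg",
    "1409560635-3a78363c4eb9dc3a7719e6c075b46607.png",
    "193765_original.jpg", "625.jpg",
}

def parse_catalog(buf):
    """Return [(thumbnail_id, modified_utc, name)] for each catalog record."""
    entries, pos = [], 0
    while pos + 16 <= len(buf):
        # Assumed layout: <u32 record size><u32 thumbnail id><u64 FILETIME>
        size, thumb_id, filetime = struct.unpack_from("<IIQ", buf, pos)
        if size < 20 or pos + size > len(buf):
            break  # zero padding or a truncated record: stop, do not guess
        raw_name = buf[pos + 16 : pos + size - 4]
        name = raw_name.decode("utf-16-le", errors="replace")
        # FILETIME counts 100 ns ticks since 1601-01-01 UTC
        modified = FILETIME_EPOCH + timedelta(microseconds=filetime // 10)
        entries.append((thumb_id, modified, name))
        pos += size
    return entries

def missing_on_disk(entries, on_disk):
    """Cached thumbnails whose source file is no longer in the directory."""
    present = {n.lower() for n in on_disk}  # Windows names are case-insensitive
    return [e for e in entries if e[2].lower() not in present]

if __name__ == "__main__":
    for tid, when, name in missing_on_disk(parse_catalog(SAMPLE), ON_DISK):
        print(f"thumbnail {tid} ({when:%Y-%m-%d %H:%M} UTC) has no file: {name}")
```

On a real Thumbs.db the catalog stream has to be located inside the OLE compound file first; the sample here starts directly at a record boundary.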