Who is it - 100 pts
Description
Someone just sent you an email claiming to be Google’s co-founder Larry Page but you suspect a scam. Can you help us identify whose mail server the email actually originated from? Download the email file here. Flag: picoCTF{FirstnameLastname}
Approach
We need to find the sender’s IP address, so we search for it within the provided .eml file.
We can then perform a WHOIS lookup on the IP address 173.249.33.206 to retrieve the owner’s name.
Flag: picoCTF{WilhelmZwalina}
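The header search described in this approach can be scripted. The following is an added example, not part of the original writeup: it walks the Received headers from the newest hop down and returns the first public IP address in brackets, which is the address the receiving server recorded for the connecting host. The sample message and its hostnames are constructed placeholders; only the IP address comes from the writeup.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample message (not the challenge file); hostnames are placeholders.
SAMPLE_EML = """\
Received: by mx.example.com with SMTP id x1;
        Thu, 7 Jul 2022 23:19:48 -0700 (PDT)
Received: from mail.example.net (mail.example.net. [173.249.33.206])
        by mx.example.com with ESMTPS id abc123
        for <victim@example.com>; Thu, 7 Jul 2022 23:19:47 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
        by mail.example.net (Postfix) with ESMTP id 1234;
        Fri, 8 Jul 2022 06:19:47 +0000 (UTC)
From: Larry Page <lpage@example.net>
To: victim@example.com
Subject: constructed sample

body
"""

# MTAs record the connecting peer as "[1.2.3.4]" or "[IPv6:...]".
BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def received_ips(raw_message):
    """Return (hop_index, ip) pairs from Received headers, newest hop first."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    found = []
    for index, value in enumerate(msg.get_all("Received", [])):
        for candidate in BRACKETED_IP.findall(str(value)):
            try:
                found.append((index, ipaddress.ip_address(candidate)))
            except ValueError:
                continue  # bracketed text that is not an IP address
    return found


def first_external_ip(raw_message):
    """First public IP seen from the top: the hop logged by the receiving side.

    Headers lower in the chain were written before the message reached the
    recipient's server and can be forged by the sender.
    """
    for _, ip in received_ips(raw_message):
        if ip.is_global:
            return str(ip)
    return None


if __name__ == "__main__":
    print(first_external_ip(SAMPLE_EML))
```

The returned address is the one to pass to a WHOIS lookup.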
Find and Open - 200 pts
Description
Someone might have hidden the password in the trace file. Find the key to unlock this file. This tracefile might be good to analyze.
Approach
We have two files: a password-protected ZIP file and a PCAP file. Upon inspecting the PCAP file in Wireshark, a base64 string was discovered.
Decoding the base64 string revealed half of the flag:
┌──(kali㉿iasad)-[~/CTFs/PicoCTF]
└─$ echo VGhpcyBpcyB0aGUgc2VjcmV0OiBwaWNvQ1RGe1IzNERJTkdfTE9LZF8= | base64 -d
This is the secret: picoCTF{R34DING_LOKd_
I tried the half flag as the password on the ZIP, it worked, and I got the flag.
Flag: picoCTF{R34DING_LOKd_fil56_succ3ss_cbf2ebf6}
MSB - 200 pts
Description
This image passes LSB statistical analysis, but we can’t help but think there must be something to the visual artifacts present in this image… Download the image here
Approach
Based on the name and description, it appears that the flag may be hidden in the most significant bit (MSB). I searched for ways to extract the data from the MSB and found a Python tool, sigBits.py:
┌──(kali㉿iasad)-[~/CTFs/PicoCTF]
└─$ python sigBits.py -t=msb Ninja-and-Prince-Genji-Ukiyoe-Utagawa-Kunisada.flag.png
Done, check the output file!
I searched for “picoCTF” in the output and found the flag.
Flag: picoCTF{15_y0ur_que57_qu1x071c_0r_h3r01c_06326238}