MQCyberSec

MQCyberSec Logo

MQCyberSec
Back to Writeups

Fin 'n' find

by sealldev & finnersio
🚩 CTFs SecEdu CTF 2024 forensics
Fin 'n' find / SecEdu CTF 2024
Fin 'n' find

Description

One of the employees, Layton, has taken you aside, and is wondering if you can help fix a zip file that they broke. There seems to be some sensitive information hidden inside of it, we might as well have a look at this too (it's within scope) ;)

Original Writeup on seall.dev

We are given a zip files.zip.

I extract the zip’s data with 7z:

$ 7z x files.zip
7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
...

Scanning the drive for archives:
1 file, 258185 bytes (253 KiB)

Extracting archive: files.zip
WARNING:
files.zip
The archive is open with offset

--
Path = files.zip
Warning: The archive is open with offset
Type = zip
Physical Size = 258185

ERROR: Headers Error : random_files
                   
Sub items Errors: 1

Archives with Errors: 1

Sub items Errors: 1

It extracts to a random_files folder, with some errors.

I then run a basic grep -iR to recursively search all the files for the flag.

$ grep -iR 'SECEDU' .           
be32dd5e3b6c8748.txt:SECEDU{w04h!_th4t_w45_c0mpre55ing}

Well, all done!

Flag: SECEDU{w04h!_th4t_w45_c0mpre55ing}

Related Writeups

Information

Files can always be changed in a secret way. Can you find the flag? Hint: Look at the details of the file Hint: Make su ...

#easy

Mob psycho

Can you handle APKs?

#medium

Secret of the Polyglot

The Network Operations Center (NOC) of your local institution picked up a suspicious file, they're getting conflicting i ...

#easy

Share this writeup

Contribute

Found an issue or want to improve this writeup?

Edit on GitHub