ngga tau

Solved by : grb

In this challenge we are given chall.png, so let's start straight away with Binwalk.

Why Binwalk?

Binwalk is very good at finding the signatures (characteristic file headers and footers) of known file types, such as ZIP, JPEG or even firmware components, that may be hidden in or appended after the primary file structure (here, the PNG image).

$ binwalk johen.png

DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 JPEG image data, JFIF standard 1.01
122747 0x1DF7B Zip archive data, encrypted at least v2.0 to extract, compressed size: 78, uncompressed size: 73, name: flag.txt
122985 0x1E069 End of Zip archive, footer length: 22

Interpretation

Appending archives to images is a common steganographic/“hide-in-plain-sight” technique used in CTFs and forensic challenges. Because the ZIP is a valid PKZIP-style archive and the entry is encrypted, we need to treat this as a password-protected ZIP cracking problem rather than an image-processing problem.

binwalk -e johen.png
# result: _johen.png.extracted/1DF7B.zip
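
The same finding can be reproduced by parsing the ZIP structures directly. This added example (not part of the original write-up) reads the End of Central Directory record at the tail of a file, works out how many carrier bytes precede the archive, and reports each entry's offset, name, sizes and encryption flag, the fields Binwalk printed above. The function names and the input built by build_sample() are constructed for illustration.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"  # End of Central Directory record
CDH_SIG = b"PK\x01\x02"   # central directory file header


def appended_zip_entries(blob: bytes) -> list:
    """Describe the entries of a ZIP archive appended to a carrier file."""
    eocd = blob.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(blob):
        return []
    # EOCD fields: entry count (offset 10), central directory size (12) and offset (16).
    total, cd_size, cd_offset = struct.unpack_from("<HII", blob, eocd + 10)
    base = eocd - cd_size - cd_offset  # carrier bytes that precede the archive
    if base < 0:
        return []
    entries, pos = [], base + cd_offset
    for _ in range(total):
        if blob[pos:pos + 4] != CDH_SIG or pos + 46 > len(blob):
            break
        (flags,) = struct.unpack_from("<H", blob, pos + 8)
        csize, usize, nlen, elen, clen = struct.unpack_from("<IIHHH", blob, pos + 20)
        (local_off,) = struct.unpack_from("<I", blob, pos + 42)
        entries.append({
            "offset": base + local_off,      # where a signature scan reports the ZIP
            "name": blob[pos + 46:pos + 46 + nlen].decode("utf-8", "replace"),
            "encrypted": bool(flags & 0x1),  # general-purpose flag bit 0
            "compressed": csize, "uncompressed": usize,
        })
        pos += 46 + nlen + elen + clen
    return entries


def build_sample() -> bytes:
    """Constructed input: JPEG-like bytes followed by a small ZIP."""
    carrier = b"\xff\xd8\xff\xe0" + b"\x00" * 64 + b"\xff\xd9"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("flag.txt", "constructed sample, not the challenge flag")
    archive = bytearray(buf.getvalue())
    # Set the encryption flag in the central directory only, to mimic the challenge file.
    archive[archive.find(CDH_SIG) + 8] |= 0x1
    return carrier + bytes(archive)


if __name__ == "__main__":
    print(appended_zip_entries(build_sample()))
```

A non-zero value of `base` is itself a useful triage signal: it means the ZIP does not start at byte 0 and something else (here, image data) sits in front of it.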

Okay, the output shows that the ZIP file needs a password to open. To guess that password we will use John the Ripper, run against 1DF7B.hash, the hash file for the archive. Here is the command:

john --wordlist=~/wordlists/rockyou.txt --format=pkzip 1DF7B.hash

That command uses a wordlist that can be obtained with git clone https://github.com/danielmiessler/SecLists.git ~/SecLists

After that process, we can extract the ZIP file, which gives us the file flag.txt.

and cat that file..

compit{cb433a507d9b3bdcd1481550b38aaa474a15452897193d1cbec25277d763323f}

Happy hacking.. 😜😜