Mischief Kid ~ Traboda Forensic Challenge Write Up

Challenge Description : Little Bart here is the biggest troublemaker in town. He is hiding the flag somewhere safe. Follow and bust out little Bart to get what you want!

Clue : They say Bart hates magic.

Challenge Link : https://app.traboda.com/challenge/498

Flag Format : inctfj{…}

Initially we are provided with a zip file which contains an image named busted.png

busted.png

Let's verify whether any image/data is hidden in busted.png

Open a terminal and execute

binwalk -e mischief.jpg

We will get a new folder which contains another folder named Flag and some zlib file (not important)

On entering the Flag folder, we find an image named busted.png which is not viewable, which raises a concern.

On checking the file type of busted.png we shall see that it is of text type.

Since they have mentioned that Bart hates magic, let's check the magic numbers of busted.png, which can be found in its hex dump.

To view the hex dump let's use a tool named ghex.

In a terminal execute:

ghex busted.png

On executing the above command we will be able to see the following window

Look at the first 8 bytes of this dump:

89 4E 0D 0A 1A 0A 00 00 

But the correct header for a png file is

89 50 4E 47 0D 0A 1A 0A

Make the required changes in the header of the image. After doing those changes you will be able to view the image which also contains the flag for this challenge.
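
The same header fix done with a script instead of a hex editor, as an added example that is not part of the original write-up. Comparing the two dumps, bytes 50 and 47 are missing rather than altered, so the script rebuilds the signature in front of the IHDR chunk instead of overwriting in place. It assumes the damage is confined to the bytes before IHDR; the function names and the 1x1 sample PNG are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = bytes.fromhex("89504E470D0A1A0A")  # correct 8-byte PNG signature

def make_chunk(ctype: bytes, body: bytes) -> bytes:
    """Build one PNG chunk: length, type, body, CRC32 over type+body."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def repair_png_header(data: bytes) -> bytes:
    """Replace whatever precedes the IHDR chunk with the correct signature."""
    if data.startswith(PNG_SIG):
        return data  # signature already intact
    pos = data.find(b"IHDR")
    if pos < 4:
        raise ValueError("no IHDR chunk found; not a recoverable PNG")
    start = pos - 4  # a chunk begins at its 4-byte length field
    (length,) = struct.unpack(">I", data[start:pos])
    body_end = pos + 4 + length
    if length != 13 or len(data) < body_end + 4:
        raise ValueError("IHDR chunk malformed or truncated")
    (stored_crc,) = struct.unpack(">I", data[body_end:body_end + 4])
    if zlib.crc32(data[pos:body_end]) & 0xFFFFFFFF != stored_crc:
        raise ValueError("IHDR CRC mismatch; damage goes beyond the signature")
    return PNG_SIG + data[start:]

def sample_png() -> bytes:
    """Constructed 1x1 grayscale PNG, used only as sample input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return (PNG_SIG + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"IDAT", idat) + make_chunk(b"IEND", b""))

def damaged_sample() -> bytes:
    """Constructed damage matching the dump above: bytes 50 and 47 removed."""
    good = sample_png()
    return good[:1] + good[2:3] + good[4:]

if __name__ == "__main__":
    broken = damaged_sample()
    print("before:", broken[:8].hex(" ").upper())
    print("after: ", repair_png_header(broken)[:8].hex(" ").upper())
```

To use it on a real file, read the bytes with `open(path, "rb").read()` and write the return value of `repair_png_header` to a new file, keeping the original untouched.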

busted.png

The flag for this image is inctfj{_4Ye_@aRr4mbB4_u_g0T_m3!}

Installing Binwalk and ghex

$ sudo apt install binwalk
$ sudo apt install ghex

Intro to Traboda : Traboda is a Cybersecurity Edutech which provides 200+ challenges from various categories and competitions with difficulty ranging from beginners to experts.

Srikesh Ravikumar