Shulou(Shulou.com)05/31 Report--

Editor to share with you how to use BugKu CTF, I believe that most people do not know much about it, so share this article for your reference, I hope you can learn a lot after reading this article, let's go to know it!

I. tools

Hexadecimal editing tool 010 editor

Free_File_Camouflage image steganography tool

Second, the way to solve the problem

1. First take a look at hint.png, found that can not be opened, with 010 editor editor to open is garbled. No attribute was found either.

2.hint is generally in txt format, so change hint.png to hint.txt. Found that it can be opened normally, but it is of no use. I've been played.

3. Then take a look at the picture of sapphire. JPG. There is nothing wrong with the property, so drag it to the 010 editor editor. There's a lot of garbled code in the back, but I can't tell what it is. There should be a picture steganography. Let's go over all kinds of tools, but it didn't work out.

4. Here we need to use a tool, Free_File_Camouflage, which is a tool that can hide files as pictures. Using software users can store some of their private diaries or private software disguised as pictures, and the software supports restoration. Download place

Https://download.csdn.net/download/zjzqxzhj/15178293

5. Open the Free_File_Camouflage tool, load the sapphire .jpg image with De-camouflage a flie, and then click De-camouflage to generate a zip.passwd.doc document.

6. Open the word document and remind you that "the horizon is far away and near at hand". It is not good to decompress with this password. Pissed off!

7. Look at the document properties, nothing found, and then use 010 editor editor to open it, found that the file header is actually 504B 03 04, the beginning of the standard zip package ah. Try changing the file suffix to zip quickly.

8. After unzipping the package, you get a pile of files. Look for it one by one.

9. Finally, I found the hint I just saw in the document.xml document, "far away and near," and guessed that the password was nearby. Finally, it is found that XiAo_1U is the decompression password of the compressed package. You can decompress the real steg.zip package this time.

10. Drag the csgo file to the 010 editor editor and find that the file header is riff, modify the file suffix to riff, and open it with a drawing to show a picture.

11. The picture is as follows.

twelve。 Properties and various tools have been used again, and I don't know how to solve it. Here to consult the boss, boss hint, there is "webp" in the title description. Check that you can use the stegpy steganography tool to recover.

First we need to install stegpy in Kali

Pip3 install stegpy

The method of use requires sudo in Kali2020, but not in 2019

Stegpy csgo.riff

13. Execute the stegpy csgo.riff command to get flag. You have to do the specific flag yourself.

The above is all the contents of this article "how to use BugKu CTF". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.