Skip to main content
R4shSec
R4shSec

picoCTF WriteUp | Flag in Flame

·1 min· loading · loading ·
CTF PicoCTF Easy Forensics PicoMini by CMU-Africa
R4shSec
Author
R4shSec
I like it when things work how they’re not supposed to.
Table of Contents

Introduction
#

Hey everyone 👋 — In this Capture The Flag (CTF) task, we’re told to analyze a large log file with something hidden within.

Task

Analyzing The File
#

File Analysis

The file seems like it’s encoded in base64. I would run a command to decode it.

cat logs.txt | base64 -d > logs_decoded.txt

Decoded File
#

As we can see, the decoded log file seems like it’s actually a .PNG.

Result

View
#

Looking at this .png file, we can see that a long string appears.

String Image

Extracting & Decoding Strings
#

Google offers great Optical Character Recognition (OCR) technology. It allows us to copy the string which is:

7069636F43544678666F72656E736963735F616E616C797369735F69735F616D617A696E675F61633165333538347D

We can drop it in MagicChef using the Magic recipe. It would return the result from Hex.

Magicchef

Flag 🚩
#

picoCTF{forensics_analysis_is_amazing_ac1e3584}