Binwalk (CTF Learn)
Forensics
Here is a file with another file hidden inside it. Can you extract it? https://mega.nz/#!qbpUTYiK!-deNdQJxsQS8bTSMxeUOtpEclCI-zpK7tbJiKV0tXYY
I always change the names to something that is closest to what we do, so I changed the name of the file to the name of the task that we are doing now. Now let’s get started.
Here we identify the file type:
I used exiftool, but didn’t find anything interesting:
It was in the title of the question that the file is hidden. You should extract it, then:
The **binwalk** command is a tool for analyzing binary data and extracting the files embedded in it. In the command used here:
- binwalk: the command-line tool itself.
- --extract: this option instructs binwalk to attempt to extract any files that it finds.
- --dd=".*": this option specifies a regular expression pattern for the files to be extracted. In this case, it’s set to ".*", which essentially matches any file.
- Binwalk.jpeg: the name of the file (presumably a JPEG image in this case) to analyze and extract embedded files from.
So, when you run this command, binwalk will analyze the 'Binwalk.jpeg' file, attempt to find embedded files, and extract them. The --dd option with the regular expression ".*" allows it to extract any files it finds in the binary data.
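To show what a signature scan of this kind amounts to, here is an added Python sketch (not part of the original write-up and not binwalk's own code): it searches for a few well-known magic numbers at every offset and cuts the data at each hit. The signature table, the function names and the sample bytes are constructed for illustration.

```python
import sys

# Constructed, deliberately tiny signature table (binwalk ships far more).
SIGNATURES = {
    b"\xff\xd8\xff": "JPEG image",
    b"\x89PNG\r\n\x1a\n": "PNG image",
    b"PK\x03\x04": "Zip archive",
}

def scan(data):
    """Return sorted (offset, description) pairs for every magic number found."""
    hits = []
    for magic, name in SIGNATURES.items():
        pos = data.find(magic)
        while pos != -1:
            hits.append((pos, name))
            pos = data.find(magic, pos + 1)
    return sorted(hits)

def carve(data):
    """Cut the data at each hit and key every piece by its offset in hex.

    Simplification: a piece ends where the next signature starts; nothing
    is validated, so short magic numbers can produce false positives.
    """
    offsets = [off for off, _ in scan(data)] + [len(data)]
    return {format(off, "X"): data[off:end]
            for off, end in zip(offsets, offsets[1:])}

# Constructed sample: a stub "JPEG" (SOI ... EOI) with PNG-tagged bytes appended.
OUTER = b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"\xff\xd9"
HIDDEN = b"\x89PNG\r\n\x1a\n" + b"constructed payload"
SAMPLE = OUTER + HIDDEN

if __name__ == "__main__":
    # Scan the file given on the command line, or the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for offset, name in scan(data):
        print(f"{offset:<10} 0x{offset:<8X} {name}")
    for piece, blob in carve(data).items():
        print(f"piece {piece}: {len(blob)} bytes")
```

A second signature at a non-zero offset in a file that should hold a single image is the indicator worth following up on.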
When I used strings I didn’t find anything interesting:
The **eog** command is used to launch the Eye of GNOME (EOG) image viewer on Linux systems. The command used here, eog 25795, opens an image file with the EOG viewer.
Here’s a breakdown of the components:
- eog: the command to start the Eye of GNOME image viewer.
- 25795: the name of the image file to open with EOG.
So, when you run eog 25795, it attempts to open and display the image file named "25795" using the Eye of GNOME viewer. If the file exists in the current working directory, EOG will open and display the image. If the file is in a different directory, you may need to provide the full path to the image file.
Here is the flag
See you soon in other reports!
Abdelwahab_Shandy
AS_Cyber