frictf_forensics_presentation/presentation.md

---
title: FRIctf{forenzika}
author: DragonSec
patat:
  eval:
    figlet:
      command: figlet
      fragment: false
      replace: true
---

```figlet
FORENZIKA
```

FRIctf 2022

# WHAT IS FORENSICS?

- Steganography
- Analysis of "memory dumps"
- Analysis of TCP/UDP packets

Basically anything where some hidden piece of information has to be extracted.


# IMAGE ANALYSIS

- First, let's look at the image

```sh
feh images/PXL_20220920_141456208.jpg
```

- Let's look at the image's guts (the bytes behind it)

```
carbon :: ctf/2022/frictf_forensics_presentation » hexdump  -C images/PXL_20220920_141456208.jpg | head
00000000  ff d8 ff e1 dc 66 45 78  69 66 00 00 49 49 2a 00  |.....fExif..II*.|
00000010  08 00 00 00 0d 00 00 01  03 00 01 00 00 00 d0 0b  |................|
00000020  00 00 01 01 03 00 01 00  00 00 c0 0f 00 00 0f 01  |................|
00000030  02 00 07 00 00 00 aa 00  00 00 10 01 02 00 0b 00  |................|
00000040  00 00 b1 00 00 00 12 01  03 00 01 00 00 00 01 00  |................|
00000050  00 00 1a 01 05 00 01 00  00 00 bc 00 00 00 1b 01  |................|
00000060  05 00 01 00 00 00 c4 00  00 00 28 01 03 00 01 00  |..........(.....|
00000070  00 00 02 00 00 00 31 01  02 00 15 00 00 00 cc 00  |......1.........|
00000080  00 00 32 01 02 00 14 00  00 00 e1 00 00 00 13 02  |..2.............|
00000090  03 00 01 00 00 00 01 00  00 00 69 87 04 00 01 00  |..........i.....|
```

# EXIFTOOL

- A tool that extracts all the information an image/video/gif stores.

```
carbon :: ctf/2022/frictf_forensics_presentation » exiftool images/PXL_20220920_141456208.jpg | grep -i Date
File Modification Date/Time     : 2022:10:03 22:17:56+02:00
File Access Date/Time           : 2022:10:13 16:01:45+02:00
File Inode Change Date/Time     : 2022:10:03 22:17:56+02:00
Modify Date                     : 2022:09:20 16:14:56
Date/Time Original              : 2022:09:20 16:14:56
Create Date                     : 2022:09:20 16:14:56
GPS Date Stamp                  : 2022:09:20
Profile Date Time               : 2016:12:08 09:38:28
Create Date                     : 2022:09:20 16:14:56.208+02:00
Date/Time Original              : 2022:09:20 16:14:56.208+02:00
Modify Date                     : 2022:09:20 16:14:56.208+02:00
GPS Date/Time                   : 2022:09:20 14:14:55Z
```

# EXIFTOOL

```
carbon :: ctf/2022/frictf_forensics_presentation 130 » exiftool images/PXL_20220920_141456208.jpg  | grep -i gps
GPS Latitude Ref                : North
GPS Longitude Ref               : East
GPS Altitude Ref                : Above Sea Level
GPS Time Stamp                  : 14:14:55
GPS Img Direction Ref           : Magnetic North
GPS Img Direction               : 295
GPS Date Stamp                  : 2022:09:20
GPS Altitude                    : 339.1 m Above Sea Level
GPS Date/Time                   : 2022:09:20 14:14:55Z
GPS Latitude                    : 46 deg 1' 53.06" N
GPS Longitude                   : 14 deg 29' 1.37" E
GPS Position                    : 46 deg 1' 53.06" N, 14 deg 29' 1.37" E
```

# FORENSICS == STRINGS & GREP :-)

```
carbon :: ctf/2022/frictf_forensics_presentation 1 » exiftool images/PXL_20220920_141456208.jpg | grep -i comment
Comment                         : ctf{yay_my_first_forensic_flag}
```
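As an added example (not part of the DragonSec slides), a small Python JPEG marker walker that shows what the hexdump and the exiftool output above are actually reading: the SOI marker `ff d8`, an APP1 segment `ff e1` whose big-endian length `dc 66` is followed by the `Exif\0\0` header and the `II*\0` little-endian TIFF byte-order mark, and a COM segment `ff fe` whose payload exiftool reports as "Comment". `HEXDUMP_HEAD` is the first 16 bytes from the slide's hexdump; the byte string returned by `build_sample_jpeg` is constructed for the example and is not a decodable image.

```python
import struct

SOI = b"\xff\xd8"
EOI = b"\xff\xd9"
MARKER_NAMES = {
    0xC0: "SOF0", 0xC4: "DHT", 0xDA: "SOS", 0xD9: "EOI", 0xDB: "DQT",
    0xE0: "APP0", 0xE1: "APP1", 0xE2: "APP2", 0xFE: "COM",
}
BYTE_ORDER = {b"II": "little-endian", b"MM": "big-endian"}

# The first 16 bytes of the slide's `hexdump -C | head` output, as bytes.
HEXDUMP_HEAD = bytes.fromhex("ffd8ffe1dc6645786966000049492a00")


def first_segment_header(data: bytes) -> dict:
    """Describe the segment right after SOI using only the leading bytes,
    which is all a `hexdump | head` gives you."""
    if data[:2] != SOI or data[2] != 0xFF:
        raise ValueError("not a JPEG: expected ff d8 ff at offset 0")
    marker = data[3]
    # Segment length is big-endian and counts the two length bytes themselves.
    (length,) = struct.unpack(">H", data[4:6])
    info = {"marker": MARKER_NAMES.get(marker, f"0x{marker:02x}"), "length": length}
    if marker == 0xE1 and data[6:12] == b"Exif\x00\x00":
        info["exif_byte_order"] = BYTE_ORDER.get(data[12:14], "unknown")
    return info


def walk_segments(data: bytes):
    """Yield (marker, payload) for every header segment before the scan data."""
    if data[:2] != SOI:
        raise ValueError("not a JPEG: missing SOI marker ff d8")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos:#x}")
        marker = data[pos + 1]
        if marker == 0xFF:          # fill byte: markers may be padded with extra ff
            pos += 1
            continue
        if marker == 0xD9:          # EOI carries no length field
            yield marker, b""
            return
        if marker == 0xDA:          # SOS: entropy-coded image data follows, stop here
            return
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"bad segment length {length} at offset {pos:#x}")
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length


def extract_metadata(data: bytes) -> dict:
    """Collect the Exif byte order and every COM comment, the two things the
    hexdump and the `grep -i comment` on the slides point at."""
    result = {"exif_byte_order": None, "comments": []}
    for marker, payload in walk_segments(data):
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            result["exif_byte_order"] = BYTE_ORDER.get(payload[6:8], "unknown")
        elif marker == 0xFE:
            result["comments"].append(payload.decode("latin-1"))
    return result


def build_sample_jpeg(comment: bytes) -> bytes:
    """Constructed minimal marker stream (not a decodable image): SOI, an APP1
    segment with a tiny little-endian TIFF header, a COM segment, then EOI."""
    exif_payload = b"Exif\x00\x00" + b"II*\x00\x08\x00\x00\x00" + b"\x00\x00"
    app1 = b"\xff\xe1" + struct.pack(">H", len(exif_payload) + 2) + exif_payload
    com = b"\xff\xfe" + struct.pack(">H", len(comment) + 2) + comment
    return SOI + app1 + com + EOI


if __name__ == "__main__":
    print(first_segment_header(HEXDUMP_HEAD))
    print(extract_metadata(build_sample_jpeg(b"ctf{yay_my_first_forensic_flag}")))
```

The walker stops at SOS because everything after it is entropy-coded scan data, not length-prefixed segments; a real file's APP1 payload (56422 bytes here) would then be handed to a TIFF/IFD parser, which is the part exiftool does for you.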


# CYBERCHEF

# VOLATILITY

# APERISOLVE

# WIRESHARK

# WORKSHOPS

- @Pixel -> memory dump challenge
- @spanskiduh -> packet capture challenge

# QUESTIONS?