[Suninatas] Forensic 21

· February 21, 2025

Security


Problem

What is a Solution Key?
Is it a Puzzle?

Solution

I downloaded the image and tried adjusting various settings at https://29a.ch/photo-forensics/#level-sweep, but it looked like nothing was ever going to show up, so I moved over to Kali.

First, I used exiftool to look up the image's metadata.
I think this is the first time an image has given me this much metadata.

There was more below this as well, but I got the hint by using binwalk.

┌──(kali㉿kali)-[~/Downloads]
└─$ binwalk monitor.jpg   
/usr/lib/python3/dist-packages/binwalk/core/magic.py:431: SyntaxWarning: invalid escape sequence '\.'
  self.period = re.compile("\.")

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             JPEG image data, EXIF standard
12            0xC             TIFF image data, little-endian offset of first image directory: 8
97678         0x17D8E         JPEG image data, EXIF standard
97690         0x17D9A         TIFF image data, little-endian offset of first image directory: 8
196186        0x2FE5A         JPEG image data, EXIF standard
196198        0x2FE66         TIFF image data, little-endian offset of first image directory: 8
294133        0x47CF5         JPEG image data, EXIF standard
294145        0x47D01         TIFF image data, little-endian offset of first image directory: 8
391811        0x5FA83         JPEG image data, EXIF standard
391823        0x5FA8F         TIFF image data, little-endian offset of first image directory: 8
490319        0x77B4F         JPEG image data, EXIF standard
490331        0x77B5B         TIFF image data, little-endian offset of first image directory: 8
588266        0x8F9EA         JPEG image data, EXIF standard
588278        0x8F9F6         TIFF image data, little-endian offset of first image directory: 8
685944        0xA7778         JPEG image data, EXIF standard
685956        0xA7784         TIFF image data, little-endian offset of first image directory: 8
784452        0xBF844         JPEG image data, EXIF standard
784464        0xBF850         TIFF image data, little-endian offset of first image directory: 8
882399        0xD76DF         JPEG image data, EXIF standard
882411        0xD76EB         TIFF image data, little-endian offset of first image directory: 8
980077        0xEF46D         JPEG image data, EXIF standard
980089        0xEF479         TIFF image data, little-endian offset of first image directory: 8
1078585       0x107539        JPEG image data, EXIF standard
1078597       0x107545        TIFF image data, little-endian offset of first image directory: 8
1176532       0x11F3D4        JPEG image data, EXIF standard
1176544       0x11F3E0        TIFF image data, little-endian offset of first image directory: 8
1274210       0x137162        JPEG image data, EXIF standard
1274222       0x13716E        TIFF image data, little-endian offset of first image directory: 8
1372718       0x14F22E        JPEG image data, EXIF standard
1372730       0x14F23A        TIFF image data, little-endian offset of first image directory: 8

"What!! This was steganography?" I thought, and immediately used foremost to pull the images out.

┌──(kali㉿kali)-[~/Downloads]
└─$ foremost monitor.jpg  
Processing: monitor.jpg
|*|

Looking at the hidden photos, the ruler is kindly moved out of the way.
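What binwalk reported and foremost extracted above can be reproduced by hand. The following is an added example, not part of the original post: it locates every EXIF JPEG header in a file of concatenated images and carves each one out. The names `find_jpeg_offsets`, `carve`, `fake_jpeg` and `SAMPLE` are assumptions, and the sample bytes are constructed.

```python
import struct
import sys

SOI_APP1 = b"\xff\xd8\xff\xe1"  # JPEG start-of-image followed by an APP1 segment
EXIF_ID = b"Exif\x00\x00"       # APP1 identifier; the TIFF header follows it
EOI = b"\xff\xd9"               # JPEG end-of-image marker


def find_jpeg_offsets(data: bytes) -> list[int]:
    """Offsets of every 'JPEG image data, EXIF standard' header in data."""
    offsets, pos = [], data.find(SOI_APP1)
    while pos != -1:
        # SOI(2) + APP1 marker(2) + length(2) puts "Exif\0\0" at +6 and the
        # TIFF header at +12, matching the JPEG/TIFF pairs binwalk printed.
        if data[pos + 6:pos + 12] == EXIF_ID:
            offsets.append(pos)
        pos = data.find(SOI_APP1, pos + 1)
    return offsets


def carve(data: bytes) -> list[bytes]:
    """Split concatenated JPEGs; each image ends at its last EOI marker."""
    offsets = find_jpeg_offsets(data)
    images = []
    for start, end in zip(offsets, offsets[1:] + [len(data)]):
        chunk = data[start:end]
        last = chunk.rfind(EOI)
        images.append(chunk[:last + 2] if last != -1 else chunk)
    return images


def fake_jpeg(payload: bytes) -> bytes:
    """Constructed stand-in for one image: SOI, EXIF APP1, payload, EOI."""
    body = EXIF_ID + b"II*\x00\x08\x00\x00\x00"  # little-endian TIFF, IFD at 8
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + payload + EOI


# Constructed sample: three small "images" appended back to back.
SAMPLE = b"".join(fake_jpeg(b"frame-%d" % i) for i in range(3))

if __name__ == "__main__":
    # With a path argument, carve that file; otherwise use the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print("JPEG headers at:", find_jpeg_offsets(data))
    for i, img in enumerate(carve(data)):
        with open(f"carved_{i:02d}.jpg", "wb") as out:
            out.write(img)
```

Requiring the `Exif` identifier after the APP1 marker skips embedded EXIF thumbnails, which begin with a bare SOI and would otherwise be carved as separate images.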
