Easy Live

Binwalk

30 points

5515 Solves

Forensics

Easy

alexkato29

Community Rating: 4.52 / 5

Here is a file with another file hidden inside it. Can you extract it? https://mega.nz/#!qbpUTYiK!-deNdQJxsQS8bTSMxeUOtpEclCI-zpK7tbJiKV0tXYY

First 10 Solvers


  • Pwnyhawk

    If you are not a huge fan of binwalk cyberchef makes this easy as well!!

    • m87donis

      I honestly think it's easier to use cyberchef opposed to binwalk, but that's just me.

  • gabrielcampos

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • FelixGB

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • LordBlueShell

      Protected

      [REDACTED] This comment is only shown to users who have solved this challenge.

    • Desfolio

      Protected

      [REDACTED] This comment is only shown to users who have solved this challenge.

  • Theriphunters

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • k4at3034

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • BranMan

    Question when using binwalk. The extra png shows up when i binwalk the file however when using binalk -e to extract known file types all i get in the extraction folder is an empty file called 29 and the zlib data file, neither of which are the hidden png, can anyone tell me why binwalk fails to extract the png it has celarly detected? Ended up using cyberchef which basically felt like cheating with how easily it did it.

    • Melino

      The 29 files are the ones you need, you don't need any png

        • heyzec

          
          /-*  >>  /-*  >>  /-*  >>  |-*  >>  |-*  >>  |_*  >> *_/  >>  *_/  >>  *\/
          _|.  >>  .|.  >>  .|.  >>  .|.  >>  .-.  >>  .-.  >> .-.  >>  ./.  >>  ./.
          /\/  >>  /\/  >>  \\/  >>  \./  >>  \./  >>  -./  >> -./  >>  -./  >>  /.\
          

  • hamu96

    good challenge needs you to understand the extraction command

  • iPseudo

    refuse to use CyberChef. Was able to extract the two files yet one is empty and the other is a zlib containing compressed data... cant figure how to decompress it tough. @intelagent, any clue?

    • Lytes

      Use the foremost command

  • Lytes

    If binwalk doesn't work for you and you font want "cheat" by using cyberchef, give the foremost command a try.

  • Fl4Gg3R

    I just get 29 and 29.zlib neither of which is the hidden file?

    • Melino

      Reread the question... a file hidden within a file

  • Happypat900

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • Aster

    very informative and also beginner friendly. comments helped so much

  • Foxty

    Cool challenge ! I didn't managed to solve it using Binwalk, used Cyberchef instead !

  • wojtek9022

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • glucosepill

    took me some time to solve, but good. make me learn new thing

  • JSZSZ

    I've done it in notepad. Is it ok? :D

  • Defendr

    Don't get mad if people use CyberChef, its a good resource, there are many ways to solve problems. Good Challenge!

  • Bodzio

    I'm new and I don't know what should I do. Can someone give me a good tip?

  • Caillou

    Nice challenge. Could be resolve using Notepad++. Good compromise for learning files structure for beginners. Just my opinion :)

  • TheBigBro122

    Nice challenge, I used foremost because I think it's easier with that instead of binwalk.

  • TheBigBro122

    Nice challenge, I used foremost because I think it's easier with that instead of binwalk.

  • vain19

    it was some what harder than the other i had to download the binwalk and go from there

  • nnoo

    On 31st of March I was able to download one image from another challenge. Today I can't access any of the downloads... mega.nz has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can’t add an exception to visit this site.

    The issue is most likely with the website, and there is nothing you can do to resolve it. You can notify the website’s administrator about the problem.

  • M7B4

    Linux needed to complete

  • gidatij269

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • dgcarti

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • Karodak

    If it doesnt work with the bin*** command, try adding --d="."

      • Srivathsan01

        What does this mean??? I see this {.*} in most questions and can't really understand this REGEX.

  • kamsimow

    Good one - something new to learn :D

  • sgt787

    These took some reading but thanks to the comments, I found my way.

  • ImYawn

    TIPS for people who are stuck:

    If you are stuck, redownload the file and run the commands again. At first my file was corrupted or something.

  • warmachine86

    requires indepth use of binwalk to extract the png file containing the flag

  • judith

    just use binwalk and extract, don't forget to add extension and specify type

  • John_Noob5

    wow... this is the best thing ever and also i'm new to all of this stuff. At first it's make me crazy, also the comments help me a lot

  • kr43mr

    loved this challenge comments pushed me in right direction :)

  • ryxicare

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

    • pspice2000

      Protected

      [REDACTED] This comment is only shown to users who have solved this challenge.

  • keygress

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • eyepatch

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • pspice2000

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • UfaiX04

    nicely made, learnt something new!

  • Lualt

    I have a question i have windows and i do not know witch things i need to use with cyberchef

  • Lualt

    I have a question i have windows and i do not know witch things i need to use with cyberchef

  • Lualt

    I have a question i have windows and i do not know witch things i need to use with cyberchef

  • Lualt

    I have a question i have windows and i do not know witch things i need to use with cyberchef

  • Lualt

    I have a question i have windows and i do not know witch things i need to use with cyberchef

  • Lualt

    I have a question i have windows and i do not know witch things i need to use with cyberchef

  • Lualt

    I have a question i have windows and i do not know witch things i need to use with cyberchef

  • Desfolio

    Got me confused at first. There's one extra step that i think we had to do, confusion came up in doing that extra step. Great challenge!

  • rawana16

    I don't think binwalk is the right tool. I struggled trying to fine the flag in the zlib file the the other png was empty. cyberchef is better to use

    • rawana16

      Okay I understood why I wasn't getting any results

  • SHaNTuDe

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • pokethecode

    Good fun. Much time wasted trying to decompress zlib. Should have spent more time understanding the operation of binwalks flags.

  • V1L3N

    As a beginner, it was a bit hard! This might help you ---> binwalk --extract --dd=".*" <file_name>

  • elliot_pwn

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • rinkesh20

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • rinkesh20

    Protected

    [REDACTED] This comment is only shown to users who have solved this challenge.

  • touCan

    CyberChef made this really easy. I would have tried it if I had a different machine running kali.