# picoCTF 2022 Write-uppp ###### tags: picoCTF 2022 # Forensics ## <font color=f28500>File types</font> ```This file was found among some files marked confidential but my pdf reader cannot read it, maybe yours can.You can download the file from``` [here.](https://artifacts.picoctf.net/c/329/Flag.pdf) {%hackmd wHSYGZAzTeykwFuyuqLwow %} 修改後的程式只改了第23,24行可以自己看一下 ```nginx= ~ wget https://artifacts.picoctf.net/c/329/Flag.pdf ~ mkdir pdf ~ mv Flag.pdf pdf/ ~ cd pdf/ ``` 執行之後得到一個檔案,用binwalk查看看案類型 ```nginx= $binwalk flag 2 ⚙ DECIMAL HEXADECIMAL DESCRIPTION -------------------------------------------------------------------------------- 100 0x64 bzip2 compressed data, block size = 900k ``` 檔案類型為bzip2壓縮檔,將他解壓 ```nginx= $binwalk flag -e $cd _flag.extracted $binwalk 64 $binwalk -e 64 $lzip -d flag $binwalk flag.out $mv flag.out flag.lz4 $lz4 -d flag.lz4 $binwalk flag $mv flag flag.lzma $lzma -d flag.lzma $binwalk flag $binwalk flag -e $cd _flag.extracted $binwalk 0 $lzip -d 0 $binwalk 0.out -e $cd _0.out.extracted ``` ```nginx= $cat 0 7069636f4354467b66316c656e406d335f6d406e3170756c407431306e5f 6630725f3062326375723137795f32373866316131387d0a ``` 最後 ```nginx= $hex -d 0 picoCTF{f1len@m3_m@n1pul@t10n_f0r_0b2cur17y_278f1a18} ```