FrigidSec: Forensics Challenge Write-up

Hello pal’s !

This is the story of Hannah, Hannah baker may Hannah also know about (.wav) file instead of using tapes...……

Get to the point, it is a forensic write-up which starts from here:-}

I got this challenge from one of my college mate a week ago on WhatsApp group, listening through the audio file it’s a cool song with knowledgeable rap about (.wav) extension. Let’s dive into it.

So it all start with a huge audio file named MaroonDareFiveFSec.wav

Without any guess I first put this file on DeepSound app because of its extension(.wav). After extracting I got a MS Word file from this audio file named Hey.docx.

When opening Hey.docx it consists of 200 pages(approx.) full of encoding and the intro page looks like this:

After reading this hint I can proceed further and from the next page our image starts in form of encoding.(I apologize for not providing whole encoding due to its big size). But you can make a guess by viewing this :-

So, after reviewing it 2 or 3 times I decided to go with Base64 and head over to Base64Guru and got this….

A zip file as shown in above screenshot and by extracting got a text file.

Opening this temp.txt file again a lot of encoding ><.

It is just a piece of encoding not whole

My brain is pinging me where is the image and again I took a shot with Base64Guru. Voilà !

But sadly this is not the end I forgot that it is not a flag then, I head over to image steg.

Note-There are many image stenography tools available on internet but choose wisely for a particular approach/extension file.

Using steghide tool (Kali Linux) i got another JPG file named frigid.jpg but this time it is corrupted when looking through its magic bytes it didn't match with JFIF/JPEG/JPG so by correcting it with help of hexedit, now frigid.jpg is viewable.

Now there is a twist!

After spending 2–3 hrs on this image i didn't get much info because i forgot to pay attention to real character in the whole steg process. By doing steghide nothing came up.

So, remember our intro page ….????

It said about password then my mind hit me with the idea of using stegcracker that is the one i didn't try.

But it requires a word list to operate so head on to crunch tool because i had parameters to create wordlist as mentioned above in screenshot. Every time brute-force is not the option. #Time_matters

Using stegcracker with custom wordlist i finally got my flag in form of frigid.jpg.out.

Hurrah !

Good job ! So here is the flag…

F-Sec{1_g3t_h33b13_j33b1es_wh3n_d01ng_f0r3ns1cs_b77b7d86c10c}

It was a nice challenge and really enjoyed it!

Stay Hunting 💻

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store