Dec 13 2011 4:40PM GMT
Posted by: Dan O'Connor
Can you crack it (Part 4)
I tried running the file.exe created, it does not appear to do anything. It’s important but I don’t know what to do with it just yet.
The thing I find odd is that the hex was given in a PNG; that’s worth checking out.
I have both sets of files on my SIFT Workstation. I will start with my favorite tools.
strings
strings cyber.png | less
Take a look in the file; here is something worth looking at.
]iTXtComment QkJCQjIAAACR2PFtcCA6q2eaC8SR+8dmD/zNzLQC+td3tFQ4qx8O447TDeuZw5P+0SsbEcYR 78jKLw==2
That looks like Unicode. Let’s look at the PNG’s metadata.
exiftool cyber.png
Comment : QkJCQjIAAACR2PFtcCA6q2eaC8SR+8dmD/zNzLQC+td3tFQ4qx8O447TDeuZw5P+0SsbEcYR.78jKLw==
Down at the end is what we are looking for in the Comment section.
That definitely is Unicode. I have a script around to decode that somewhere for part 5.
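The Comment value that strings and exiftool surface above lives in a PNG iTXt chunk. The following is an added example, not code from the original post, that walks a PNG's chunks, verifies each CRC and returns the iTXt keyword/text pairs. The sample PNG and its comment value are constructed placeholders rather than the contents of cyber.png, and all function names are hypothetical.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

def make_chunk(ctype, data):
    """Build one PNG chunk: length, type, data, CRC-32 over type + data."""
    crc = zlib.crc32(ctype + data)
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def iter_chunks(png):
    """Yield (type, data) per chunk; reject truncated or CRC-damaged chunks."""
    if png[:8] != PNG_SIGNATURE:
        raise ValueError("not a PNG file")
    pos = 8
    while pos < len(png):
        if pos + 8 > len(png):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        end = pos + 12 + length
        if end > len(png):
            raise ValueError("truncated chunk")
        data = png[pos + 8:end - 4]
        if struct.unpack(">I", png[end - 4:end])[0] != zlib.crc32(ctype + data):
            raise ValueError("bad CRC in %r chunk" % ctype)
        yield ctype, data
        pos = end

def parse_itxt(data):
    """iTXt: keyword NUL flag method language NUL translated-keyword NUL text."""
    keyword, rest = data.split(b"\x00", 1)
    compressed = rest[0] == 1
    _language, rest = rest[2:].split(b"\x00", 1)
    _translated, text = rest.split(b"\x00", 1)
    if compressed:
        text = zlib.decompress(text)
    return keyword.decode("latin-1"), text.decode("utf-8")

def text_chunks(png):
    """Return {keyword: text} for every iTXt chunk in the file."""
    return dict(parse_itxt(d) for t, d in iter_chunks(png) if t == b"iTXt")

# Constructed sample: signature, IHDR, one uncompressed iTXt "Comment", IEND.
SAMPLE_COMMENT = "constructed-sample-comment"
SAMPLE_PNG = (PNG_SIGNATURE
              + make_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
              + make_chunk(b"iTXt", b"Comment\x00\x00\x00\x00\x00" + SAMPLE_COMMENT.encode())
              + make_chunk(b"IEND", b""))

if __name__ == "__main__":
    print(text_chunks(SAMPLE_PNG))
```

To run it against a real file, pass the bytes from open("cyber.png", "rb").read() to text_chunks.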




