Played with Balsn, and get 4th this time.
I have to construct my payload more carefully, wasted too much time on debugging.
This is not a writeup for reading, just a kind of reminder for myself.
binwalk --dd=".*" space.dd
formostwould extract the same png, but missing the most important part !!
- The password of rar is concated after the keyword
IENDof each png
- mount the dd
mount -o loop space.dd /mnt/tmp
- scan for searching deleted files
also my solution
this is interesting
It’s persuasive, because
This should be more efficiency ？
This is the first thought came to my mind, did not find this solution on CTFtime’s wirteup.
But the writeup released by team ranked 2nd and 3rd are this kind.