View file in hex:

00000000  FF D8 FF E0 00 10 4A 46 49 46 00 01 01 00 00 01  ÿØÿà..JFIF......
00000010  00 01 00 00 FF FE 00 3B 20 20 20 20 20 20 20 20  ....ÿþ.;        

[...]

0000CB80  AB D1 5D 7F DA 93 FE 5F C7 FE 00 1F FF D9 50 4B  «Ñ].Ú“þ_Çþ..ÿÙPK
0000CB90  03 04 14 00 02 00 08 00 F4 02 9F 41 D4 50 D9 9C  ........ô.ŸAÔPÙœ
0000CBA0  E3 2D 00 00 99 2E 00 00 08 00 1C 00 20 20 20 20  ã-..™.......    
0000CBB0  20 20 20 20 55 54 09 00 03 8B 4B E1 50 8C 4B E1      UT...‹KáPŒKá
0000CBC0  50 75 78 0B 00 01 04 E8 03 00 00 04 E8 03 00 00  Pux....è....è...
[...]

We will focus to file signature, FF D8 FF E0 00 10 4A 46 49 46 is JPEG. 50 4B 03 04 is PKZIP. Try extract, in Windows, seem to be error, file can't read. Because file name has white space, we try extract in Linux.

$ unzip spamcarver.jpg

# rename file to display name
$ mv \ \ \ \ \ \ \ \ newfile.new 

$ file newfile.new
newfile.new; JPEG image data, JFIF standard 1.01

Open newfile.new with image viewer program to see flag.

西普CTF-Spamcarver-以夕阳落款

Flag:

温馨提示: 此处内容需要评论本文后刷新才能查看,支付2元即可直接查看所有Flag。

小广告:关于获取西普实验吧所有Flag请点击这里查看索引

查看所有Flag文章需要输入密码,需要获取文章密码的童鞋请扫描下面微信或支付宝二维码捐助至少2元(老哥,捐多捐少是个缘分)之后发送支付凭证号联系我获取,Flag大全地址:Flag大全

新功能:捐款的小伙伴请联系我把自己的注册邮箱加入网站白名单,可以免回复看到本站所有Flag

PS:本站不是实验吧的官方站点,纯粹是个人博客,收取Flag费用仅是维持服务器费用,做站不易,且行窃珍惜!

微信二维码:
支付宝二维码: