先用文本编辑器打开看一下,计数器显示有两个flag
,怀疑可能是合成文件
使用binwalk 工具进行分析
➜ ~ binwalk ada.jpg
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 JPEG image data, JFIF standard 1.01
30 0x1E TIFF image data, big-endian, offset of first image directory: 8
5236 0x1474 Copyright string: "Copyright Apple Inc., 2018"
218773 0x35695 Zip archive data, encrypted at least v2.0 to extract, compressed size: 34, uncompressed size: 22, name: flag.txt
218935 0x35737 End of Zip archive, footer length: 22
分离文件
-e,--extract 自动提取已知的文件类型
➜ ~ binwalk -e ada.jpg
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 JPEG image data, JFIF standard 1.01
30 0x1E TIFF image data, big-endian, offset of first image directory: 8
5236 0x1474 Copyright string: "Copyright Apple Inc., 2018"
218773 0x35695 Zip archive data, encrypted at least v2.0 to extract, compressed size: 34, uncompressed size: 22, name: flag.txt
218935 0x35737 End of Zip archive, footer length: 22
得到两个文件,压缩包需要密码,txt文档是空的,先暂时搁浅
查看图片信息发现相机型号
按16进制字符处理可以得到可读文本
猜测,应该就是刚才需要的压缩包密码,输进去之后得到flag.txt(2)