Preparation.zip — Mirai--39-s Exam

: Recover the hidden flag/information within the provided ZIP archive. 1. Initial File Analysis

This write-up covers the analysis and solution for the forensics challenge involving the file "Mirai--39-s Exam Preparation.zip" (commonly appearing as "Mirai's Exam Preparation.zip"). Challenge Overview Mirai--39-s Exam Preparation.zip : Forensics / Steganography

If prompted for a passphrase, try the ZIP password or strings found in the text files. 4. Hex/Strings Analysis Search for the flag format (e.g., ) within the binary data. strings Mirai-- -s\ Exam\ Preparation.zip | grep Use code with caution. Copied to clipboard Mirai--39-s Exam Preparation.zip

The first step in any forensics challenge is to examine the file type and structure. File Check : Using the command confirms it is a standard ZIP archive. Listing Contents to view the contents. Typically, this challenge contains multiple files, such as exam_notes.txt , or other school-related documents. Integrity Check zipdetails -v

. Look for "Artist," "Comments," or "Description" tags that might contain the flag or a hint. Hidden Data (Steghide) : If an image like is present, check for hidden data using: steghide extract -sf mirai.png Use code with caution. Copied to clipboard : Recover the hidden flag/information within the provided

In many versions of this challenge, the flag is hidden in one of two ways: Inside a hidden file : A file named or similar that isn't visible in standard file explorers. String Concatenation : The flag is split across multiple files' metadata. Flag Format Example flagm1r4i_p4ssed_th3_3x4m

can reveal if there are multiple files concatenated or hidden data appended to the end of the ZIP. 2. ZIP Password Recovery Challenge Overview Mirai--39-s Exam Preparation

If the ZIP file is encrypted (which is common for this specific challenge), you will need to crack the password. John the Ripper fcrackzip -u -D -p rockyou.txt Mirai-- -s\ Exam\ Preparation.zip Use code with caution. Copied to clipboard Expected Result

: The password is often related to "Mirai" or a simple common password found in the 3. Deep Dive into Extracted Files Once extracted, focus on the individual files: Metadata Analysis : Check the EXIF data of any images using