This matches the encryption password for the inner ZIP. unzip inner.zip # prompts for password: JustInsertIt_Again_2 flag.txt contains: CTF{1ns3rt_th3_stuff_4g41n_2c5f8a} 5. Alternative Route (if steganography intended) If data.bin was an image renamed: mv data.bin data.jpg → open in stegsolve or run zsteg :
zsteg data.bin May reveal hidden text in LSB: b1,rgb,lsb,xy → flag partially.
binwalk -e data.bin Or manually:
dd if=data.bin of=inner.zip bs=1 skip=1024 Inner ZIP contains a single file: flag.txt (encrypted). Hidden file in listing. cat .hidden shows: password: JustInsertIt_Again_2
Archive: JustInsertTheStuff -2-.zip Length Date Time Name --------- ---------- ----- ---- 127 2024-01-01 00:00 readme.txt 2048 2024-01-01 00:00 data.bin 1024 2024-01-01 00:00 .hidden No password protection. Unzipping yields three files. readme.txt Contains: "You inserted the stuff last time. Now insert it again. But smarter." Base64? ROT13? Try ROT13: Lbh vafregrq gur fghfg yngvfg gvzr. Abj vafregg vg ntnva. Ohg fznegre. → Decodes to: "You inserted the stuff last time. Now insert it again. But smarter." (No flag, just a hint.) data.bin Binary file. Running strings data.bin reveals: PK (ZIP header) near the end. JustInsertTheStuff -2-.zip
file JustInsertTheStuff\ -2-.zip Zip archive data, at least v2.0 to extract
unzip -l JustInsertTheStuff\ -2-.zip
The naming -2- suggests this is the second version of a previous challenge ( JustInsertTheStuff.zip ), likely with added obfuscation or a different hiding technique. First, basic file inspection:
Here’s a write-up for the file , written in the style of a cybersecurity capture-the-flag (CTF) or reverse-engineering challenge analysis. Write-Up: JustInsertTheStuff -2-.zip 1. Challenge Overview File Name: JustInsertTheStuff -2-.zip Type: Forensics / Steganography / Scripting (presumed) Goal: Extract hidden flag from the ZIP’s internal structure or embedded data. This matches the encryption password for the inner ZIP
Extract embedded ZIP: