Matrioshka

You can pull out all the strings with that popular tool, but not with the default settings.

Very fun challenge! It was difficult at first but after some rethinking I managed to solve it.

My only hint: You don’t need to decompress all the files. Probably you don’t have enough storage to do it.

@Cancerbero said:

@Nick said:

rockyou doesn’t work. What default wordlist to use?
famous binary wordlist?
Any hint? thanks!!

use rockyou, if it works

got it, thanks!!!

I’m stuck in matrioshka4, the flag is not the flag? Any hint?

As for rockyou: didn’t work for me, although the pwd is contained (grep through it and it’s in there). dunno why but wasted some time

overlooked a crucial bit the whole time and almost lost my head … hint: if something isn’t something, it might be something else :wink:

Awesome challenge! The initial part was very confusing,

I’m stuck with something that is not the flag (
Can anyone give me a hint on what I’m missing?

Anyone able to give a hint at the 3->4 step?? I’m running out of disk space and sanity. :tongue:

So, I got matrioshka4, so what should I do next? idk :frowning:

@smidgey said:

You can pull out all the strings with that popular tool, but not with the default settings.

Hey thanks for the hint. I got the information you referred but I am stuck now I do not know where will I use that information. Any hints?

Yeah, so I’ve gotten to 4, with not the flag and huge hex. Still bugging me what to do with it…

There is matrioshka5

@skullkiddo said:

Yeah, so I’ve gotten to 4, with not the flag and huge hex. Still bugging me what to do with it…

Huge hex??
Hmmm, what is all that??
How would someone check what all that data is? I wonder…
:slight_smile:

■■■■ @Rayz, it was under my nose all the time. Did it…

@skullkiddo said:

■■■■ @Rayz, it was under my nose all the time. Did it…

I’m at the last step, got all the strings already but don’t know which zip it’s referring to lol

@InSanity1O said:

@skulled said:

■■■■ @Rayz, it was under my nose all the time. Did it…

I’m at the last step, got all the strings already but don’t know which zip it’s referring to lol

Maybe you got all the strings, maybe you didn’t and if you did, some look hexadecimal and might become something else with the right conversion, who knows…

@skullkiddo I already got it, thanks ^^

Data?

@Rayz said:

There is matrioshka5

@skullkiddo said:

Yeah, so I’ve gotten to 4, with not the flag and huge hex. Still bugging me what to do with it…

Huge hex??
Hmmm, what is all that??
How would someone check what all that data is? I wonder…
:slight_smile:

Is this a big hex string or something else? I’ve put it in a single line and tried xxd but it doesn’t produce a zip or anything that the file command can understand.

Any hints?

Could someone kindly give me some suggestions to move forward? I’m stuck at the very first step. Please PM me. It’s the last challenge to complete misc.

EDIT:

I found all the strings and the fake flag. A little tip to go on?

Solved

Very well designed challenge in my opinion. Contains tricky parts, but they are all solvable without prior knowledge required (except for the fact that images may contain nested files) and without use of any ‘exotic’ tools.

My whole folder for this challenge had about 17 MB in the end (before cleanup of some duplicates). If you are about to exceed this by far, you are probably on the wrong track.