File Signatures Broke My Files
Author: Alexander Hillock
Framework Category: Investigate
Specialty Area: Digital Forensics
Work Role: Law Enforcement/CounterIntelligence Forensics
Task Description: Perform file signature analysis.
Scenario
Sergio is complaining that some of his files are broken and he cant figure out why. According to him, critical files are stored within a zip which seems to be stopping him from performing his job. Unfortunately he has forgot the password to that zip and the document he stores it in is broken. I need you to find a fix for the file that has the password used to unlock the zipped folder and get him access to what he needs.
Additional Information
More details and objectives about this challenge will be introduced during the challenge meeting, which will start once you begin deploying the challenge.
You will be able to check your progress during this challenge using the check panel within the workspace once the challenge is deployed. The checks within the check panel report on the state of some or all of the required tasks within the challenge.
Once you have completed the requested tasks, you will need to document the methodology you used with as much detail and professionalism as necessary. This should be done on the documentation tab within the workspace once the challenge is deployed. Below the main documentation section be sure to include a tagged list of applications you used to complete the challenge.
Your username/password to access all virtual machines and services within the workspace will be the following… Username: playerone Password: password123
The username/password used to access the Firewall’s web interface within the workspace will be the following… Username: admin Password: password123
Mission Start
I began this challenge at 1500 hours, on February 19, 2022, with the following meeting:
Sergio Chanel: Hey @playerone! I may have forgot the password to get into my 7-zipped folder which contains very important files that i need. I have all my passwords written on a document file however its just showing weird symbols and one of my pictures just gives me an error message and wont open. I put everything I found that was acting weird on a thumb drive and gave it to Ione. Please fix this for me as soon as you can!!
Ione Leventis: @playerone, I took a quick look at the thumb drive and I may have an idea of what is going on. Get a hex-editor and take a look into those files that aren’t being recognized. I’ve gone ahead and plugged the drive into the Workstation-Desk machine.
Richard LeGrand: @SCHANEL SAYS HE CAN’T GET HIS WORK DONE WITHOUT THESE FILES - MAKE IT HAPPEN
Sergio Chanel: @playerone, please extract each individual file from any folders they’re in and just leave them in the same place my picture and document are if you could, makes it easier for me.
Mission Narrative
I accessed the workstation-desk and examined the files located in the ‘E:/flash drive’. I attempted to open oh.jpg, but observed an error “Couldn’t Open Something Went Wrong.”
I then examined the magic numbers by uploading the file onto https://hexed.it and observed the numbers to be incorrect in accordance with the jpeg file format.
The magic numbers I observed were “EE A9 FB B0 00” and should be “FF D8 FF E0”. I modified the magic numbers, and saved oh.jpg into my /Downloads directory. I was then able to open the file and observe the image.
Next, I examined the Definetlynotpasswords.docx file. I was able to open this file with 7z, and observe archived contents. Inside of the archived contents was a file documents.xml, which contained the password “File$ignature3An4L1sys”.
I was able to use this password to open up the Musthave.7z file, and extract the contents. The extracted contents now exist inside of ‘E;/Musthave’. Sergio requested that I extract the contents from ‘E;/Musthave’ to the E:/, so I did that.
This resulted in all challenge checks being met at 03:53 PM PST on February 20, 2022.
Each NICE Challenge has the following core elements: a narrative-driven scenario, a business environment (workspace), and a set of technical objectives and/or a written deliverable. Each of these elements is developed to immerse the player (student) in a real-world experience and create a valuable set of data allowing their curator (educator) to judge their readiness for the workforce.
About The NICE Challenge Project