EYCC 2025 — Forensics Challenges


Hi there! This write-up covers the Egyptian Youth Cybersecurity Competition (EYCC) Forensics challenges that I managed to solve, with the steps taken to find each flag.

Let’s get started!


First Challenge: Paper Trail

We were given a PDF file named secret.pdf, which appeared completely blank.
I checked its metadata using exiftool and immediately found the flag.

Exiftool Output


Second Challenge: Fractured Memory

We were given a password-protected ZIP file named CUNTISSIMO.

First, I created a hash of the ZIP password using zip2john:

zip2john CUNTISSIMO > hash.txt

Then I cracked the password using John the Ripper:

john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt

John successfully cracked the password: 123456789

After unzipping the archive, a file named CUNTISSIMO was extracted. I examined it with the file command and found that it was a JPEG, but opening it showed that it was corrupted.

To investigate, I checked the file in a hex editor and noticed the header was incorrect:

Hex Header

The correct JPEG header should be:

FF D8 FF E0

I fixed the header manually, and the image was successfully repaired:

Repaired Image
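
The header check and fix described above, scripted as an added example (not part of the original write-up): it confirms the JFIF tag at offset 6 before overwriting the first four bytes with FF D8 FF E0. The sample bytes and the zeroed-out header are constructed for illustration; the challenge file's actual wrong bytes are not reproduced here.

```python
# Added example: verify and repair a JPEG/JFIF header on an in-memory byte string.
JPEG_SOI_APP0 = bytes.fromhex("FFD8FFE0")  # header the write-up gives as correct
JFIF_TAG = b"JFIF\x00"                      # identifier at offset 6 of a JFIF APP0 segment
JPEG_EOI = bytes.fromhex("FFD9")            # end-of-image marker

def diagnose(data: bytes) -> dict:
    """Report which JPEG structural markers are where they should be."""
    return {
        "header_ok": data[:4] == JPEG_SOI_APP0,
        "jfif_tag": data[6:11] == JFIF_TAG,
        "eoi_ok": data.endswith(JPEG_EOI),
    }

def repair_header(data: bytes) -> bytes:
    """Rewrite the first four bytes, but only if the rest still looks like JFIF.

    FF D8 FF E0 is only right for JFIF files (Exif JPEGs start FF D8 FF E1),
    so the JFIF tag is checked first instead of patching blindly.
    """
    info = diagnose(data)
    if info["header_ok"]:
        return data  # nothing to fix
    if not info["jfif_tag"]:
        raise ValueError("no JFIF tag at offset 6; not a simple header overwrite")
    return JPEG_SOI_APP0 + data[4:]

# Constructed sample: SOI + APP0 (length 16, JFIF v1.01, no thumbnail) + EOI.
SAMPLE = (JPEG_SOI_APP0 + bytes.fromhex("0010") + JFIF_TAG
          + bytes.fromhex("0101 00 0001 0001 0000") + JPEG_EOI)
# Constructed corruption: first four bytes zeroed (assumption, for illustration).
CORRUPTED = b"\x00" * 4 + SAMPLE[4:]

if __name__ == "__main__":
    print("before:", CORRUPTED[:12].hex(" "), diagnose(CORRUPTED))
    fixed = repair_header(CORRUPTED)
    print("after: ", fixed[:12].hex(" "), diagnose(fixed))
```

To use it on a real file, read the bytes with `open(path, "rb").read()` and write the result of `repair_header` to a new file so the original evidence stays untouched.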

The patched image revealed an encoded string that looked like Base32, so I decoded it using DCode.

Decoded Base32

And here’s the flag!


That was all! Don’t forget to check my other write-ups for the Web, Crypto, and OSINT challenges.

EYCC 2025 — Forensics Challenges
https://ssumix.vercel.app/posts/eycc/dfir-eycc-write-up/
Author: 0xSky
Published at: 2025-09-07
License: CC BY-NC-SA 4.0