87 words
1 minute
BITSCTF 2026 - Marlboro - Forensics Writeup
2026-02-22
Writeup
CTF
/
Security
/
Forensics

Category: Forensics

Flag: BITSCTF{d4mn_y0ur_r34lly_w3n7_7h47_d33p}

Challenge Description#

Given SaveMeFromThisHell.zip containing Marlboro.jpg. Clues: smoke/fire + “programming language from hell”.

Analysis#

  1. binwalk Marlboro.jpg → ZIP appended at offset 3754399 (0x39499F)

  2. Extract → smoke.png and encrypted.bin

  3. exiftool smoke.png → Author: aHR0cHM6Ly96YjMubWUvbWFsYm9sZ2UtdG9vbHMv (Malbolge tools URL)

  4. zsteg -a smoke.pngKEY=c7027f5fdeb20dc7308ad4a6999a8a3e069cb5c8111d56904641cd344593b657

Solution#

# Carve ZIP from JPEG
python -c "data=open('Marlboro.jpg','rb').read();open('smoke.zip','wb').write(data[3754399:])"


unzip smoke.zip


# Get key from zsteg
zsteg -a smoke.png


# XOR decrypt
python -c "from pathlib import Path; key=bytes.fromhex('c7027f5fdeb20dc7308ad4a6999a8a3e069cb5c8111d56904641cd344593b657'); enc=Path('encrypted.bin').read_bytes(); Path('decrypted.bin').write_bytes(bytes(b ^ key[i % len(key)] for i,b in enumerate(enc)))"


# Execute Malbolge
python -m pip install malbolge
python -c "import malbolge; print(malbolge.eval(open('decrypted.bin').read().splitlines()[-1]))"
BITSCTF 2026 - Marlboro - Forensics Writeup
https://fuwari.vercel.app/posts/50/bitsctf-2026-marlboro-forensics-writeup/
Author
Light
Published at
2026-02-22
License
CC BY-NC-SA 4.0
BITSCTF 2026 - rusty-proxy - Web Exploitation Writeup
BITSCTF 2026 - Bank Heist - Blockchain Writeup
© 2026 Light. All Rights Reserved. / RSS / Sitemap
Powered by Astro & Fuwari