 What's up guys and welcome back to another YouTube video still looking at the Kaisen CTF and now we're moving on to the zippity challenge in the forensic section I just wanted to showcase and kind of demonstrate this challenge for you one that we were able to solve during the competition Challenge is called zippity. It's in a forensics category and the challenge prompt is my friend sent me this message in this archive But I can't seem to unzip it. Can you help so we get the zip archive and I'll go ahead and create it directory for it zip D Save here and we'll take a look at this in our terminal Go ahead and unzip the one we archive that we have and it says unzip me if you can 7 zip so okay 7 zip archive I Know whoa, it's it's considered to be data though. That's weird I went ahead and use this through my file explorer So I can just use the archive manager to try and do this for me Just because I don't know a command off the top of my head to use 7 zip and an error occurred while loading the or the archive Holy crap. Okay. This has to be the challenge itself here then just being able to unzip the archive It was weird though that file saw that it was data So I'm curious. Does it have the correct like header? Does it have the correct? File magic number for a 7 zip archive. So I take a look at it. I had a friend just walk in the room Apologize for my strange delay there When you open it in a hex editor, you see that interesting thing that the first couple of bytes are One it two three four which is very clearly not what they should be at least We're kind of assuming that considering it strictly one two three four that's got to be a gig So what we can do is we can take a look at that seven zip file header You see it's even in my Google research like stuff here. There's a Google zip file format and I'm trying to look for what are the magic numbers and Okay, it says there are some here. That's not really in a format that I like. Oh This is just zip. That's not that's not what I want. I wanted seven zip. So file signatures over here Again, this is something I've looked at before you can see the link is visited So I Google I searched for seven zip and I get this seven zip compressed file And it looks like the headers here are three seven seven a BC af two seven one see so well We saw the two seven one scene here. We see that over here, but now we have to correct this to be the Move back over there and zoom in a bit seven zip It has to be three seven seven a BC af Then two seven one see so we can save that control. Oh, and we'll name it as whatever we want I suppose win dot seven Z Off it wants to keep it. Yeah, we can save it Okay, now it's saved I'd use control X or control O to save and right as now you can see in the ASCII portion of it does Spill out seven Z which is what it should be so we can go ahead and now try and unzip this I'll use Nautilus again to open it with the file manager and we can finally open it in our archive manager and we can extract out this flag dot text And it is kaizen magic numbers are important. So Not too difficult just took a little bit of interesting reconnaissance with the file command to determine that it is A data to begin with but then when we take a look at it in hex It had initially a strange magic number the very start of the files hex bytes So we can change that to what it should be according to the file format being a seven zip archive and Then we're able to open it up and extract a fat of it like a normal archive file So cool. Keep that in mind of magic numbers are Important to actually being able to identify and work with a specific file format. So this looks like a really good table It has file format for just about everything. That's that's awesome. So Sweet. Hope you guys enjoyed it Want to show off that challenge and hopefully a few more hope you're enjoying these couple of videos for the kaizen ctf And I'll see you in a later video