Run strings Deluded_v0.1_default.zip to look for human-readable text, URLs, or hardcoded flags. 3. Archive Inspection
If there is an executable inside, use VirusTotal to check for known signatures or static analysis tools like Ghidra . 5. Solution & Flag File: Deluded_v0.1_default.zip ...
Based on standard methodologies used in CTF write-ups for ZIP file analysis, such as those found on GitHub and Medium , here is a structured template and investigative guide you can use to develop your write-up: 1. Challenge Overview Deluded v0.1 Category: (e.g., Forensics, Reverse Engineering) Run strings Deluded_v0
If a .git folder exists, use git log to find deleted data or git checkout to move to previous commits where a flag might have once existed. If the ZIP is encrypted, try common passwords
If the ZIP is encrypted, try common passwords or use tools like John the Ripper or hashcat to perform a dictionary attack.
Check if the ZIP is "nested" (a ZIP within a ZIP) or if it has trailing data after the end of the central directory. 4. Detailed Investigation (Potential Paths)