The first step in any forensics challenge is to verify the file type and examine basic metadata.
The most common solution for this specific file involves . Many CTF creators intentionally modify the height or width values in the PNG header so the image doesn't render correctly or hides the flag at the bottom. Tool : Hex Editor (like HxD or hexedit ). 2022-06-03 11-32-03~2.png
: Locate the IHDR section (usually starts at offset 0x0C ). The four bytes following IHDR are the width, and the four after that are the height. The first step in any forensics challenge is
: Use the file command in Linux to confirm it is indeed a PNG image. Tool : Hex Editor (like HxD or hexedit )
If repairing the header doesn't reveal the flag, the next step is checking for hidden data: