← Back to Mission Control

📁 File Forensics

File extensions are just labels — they can lie! A file called photo.jpg doesn't have to be a photo. In this mission, you'll investigate what files really are.

0/6 solved · 0/120 pts

🔧 Tools You'll Need

📝

Notepad — Opens any file as text. Search "Notepad" in the Start menu. To open a file in Notepad: right-click → Open with → Notepad.

📦

File Explorer — Shows file names and properties. Right-click a file → Properties to see its size and type.

🗜️

ZIP files — Windows can open .zip files by double-clicking (no extra software needed).

Tip: To see file extensions (like .jpg or .txt) in File Explorer, click View → Show → File name extensions (Windows 11) or View → File name extensions (Windows 10).

Someone sent us a photo, but the image viewer won't open it. Something's wrong with this "image" — it's not really an image at all.

📥 Download fake-photo.jpg
Try opening it in the Photos app — it will fail. Then try opening it in Notepad (right-click → Open with → Notepad). What does it really contain?

It's a text file that was renamed to .jpg to disguise itself. When you open it in Notepad, you'll see plain text — including the flag.

✓ It was text all along! Changing the extension doesn't change what a file really is — it's just a disguise.

ZIP files are like envelopes — they contain other files inside. Download this ZIP archive and open it. The flag is hidden inside one of the files within it.

📥 Download secret-files.zip
Double-click the .zip file in File Explorer to open it, then explore the files inside.

There are three files inside the ZIP. One of them is called flag.txt. Open that one in Notepad to find the flag.

✓ Found it in the ZIP! ZIP files are containers — always check what's inside, not just the outer file.

Here's something surprising: a Microsoft Word document (.docx) is secretly a ZIP file in disguise! Rename it to .zip and open it — you'll find lots of XML files inside, including one with document metadata.

📥 Download mission-report.docx

Download the file. In File Explorer, right-click it and rename it from mission-report.docx to mission-report.zip.

Double-click the .zip to open it. You'll see folders: docProps, word, etc.

Open the docProps folder. Inside is core.xml — open it in Notepad.

Search for agent{ in the XML file to find the flag.

After renaming to .zip and opening, look in the docProps folder. The core.xml file contains document metadata — author, title, and hidden comments.

✓ Every .docx is a ZIP! This is how Word documents actually work. Real investigators use this technique to find hidden metadata in Office documents.

This text file contains an agent's field notes — and at the very end, a hidden flag. The trick? There are hundreds of blank lines in the middle to discourage anyone from scrolling all the way through.

📥 Download agents-notes.txt
Open the file in Notepad, then press Ctrl+End to jump straight to the very bottom of the file. The flag is there.

In Notepad, pressing Ctrl+End jumps to the last line of the file immediately. The flag is on one of the last few lines.

✓ Hidden in plain sight, just far away! Always check files from both ends — beginning AND end.

This file is called mystery-file.png and opens as an image. But it's also a valid ZIP file at the same time — a polyglot file. Investigate both identities to find the flag.

📥 Download mystery-file.png

✓ A true polyglot! Polyglot files are used in security research (and occasionally malware) — they exploit the fact that different programs parse files differently.

This archive contains a folder of "mission files" — but most of them are decoys. One file is easy to miss. Find it and extract the flag.

📥 Download mission-folder.zip

✓ Hidden files! On Mac and Linux, any file starting with . is invisible in normal views. Real investigators always check for hidden files when analysing a system.