Data? > @Rayz said:

There is matrioshka5> @skullkiddo said:

Yeah, so I’ve gotten to 4, with not the flag and huge hex. Still bugging me what to do with it…

Huge hex??
Hmmm, what is all that??
How would someone check what all that data is? i wonder…

This a big hex string or something else? I’ve put it in a single line and tried xxd but it doesn’t produce a zip or anything that the file command can understand.

Any hints?

someone could kindly give me some suggestions to move forward I’m stuck at the very first step. please pm me and the last challenge to complete misc


I found all the strings and the fake flag. A little tip to go on?


Very well designed challenge in my opinion. Contains tricky parts, but they are all solvable without prior knowledge required (except for the fact that images may contain nested files) and without use of any ‘exotic’ tools.

My whole folder for this challenge had about 17 MB in the end (before cleanup of some duplicates). If you are about to exceed this by far, you are propably on the wrong track.

I’m blocked after matrioshka1.png. Any hints?

Thank you

I’m stuck in Millions of zips and lots of txt but no idea how to continue… Can anybody give me some hint to continue with it, please?


Forget it I have matrioshka4


GPG symmetrically encrypted data (AES cipher)

I don’t know how to proceed now? I’ve tried recovering the pass with john but no luck.

Any hints??



Forgot to remember the simple things. Thanks phneutro for the hint!


So super newbie, got to Matrioshka3, but can’t go any further. Been on this for dayyyyyyyyyyyys now. Can anyone pm me the answer for this stage please?? Thanks :blush:

Stuck on matrioshka4. Brute forcing the supposedly gpg encrypted data seems a dead end after having tried various word lists. Any advice?

@Dethread said:
Stuck on matrioshka4. Brute forcing the supposedly gpg encrypted data seems a dead end after having tried various word lists. Any advice?

As far as i remember, (almost) all passwords are hidden or at least hinted at in the files. Always try to squeeze everything out of every (unique) file you come across.

Got it. All the right things in front of your eyes, remember this.
PM me if you stuck.

I got matrioshka4 but i don’t know what to do after

Awesome challenge!

@PaoloM DM me for a hint if needed

Hi guys, i got so far the fake flag and some hexadecimals, i tried some conversions but i cant figure it out… can you give me some hints about that? Here or in DM if you prefer

@psycoshadw what could you do to find out what the hex represents? Feel free to DM for further hints.

I’m struck after matrioshka4 . I have the gpg encrypted file but how to get the password to decrypt it.

I got the fake flag, any tips on how to proceed with gpg encrypted.

I’m stuck in layer 4, I already got all strings from that file, but I dont know that to do, I tried to convert it to ASCII and more, but nothing. Any hint?


I spent most of my time on this challenge thinking I was missing something, but it turned out to be a hard-to-diagnose issue with gpg.

Bottom line, careful about gpg decrypt after su! For more info: Can't enter passphrase in su session.

Hope this helps pull someone else up from the rabbit hole…