Skip to main content

Forensics/Steganography

Forensics and Steganography challenges are always fun!

Zip Up Prep Up (Common)#

description
Find the secret hidden in this file.

For this challenge, we are provided with a zip file - flag.zip

Here is the contents of the folder:

Contents

Running the file command on Ubuntu gives the following:

File Types

However, converting flag to flag.txt returns an empty file. I noticed that the .hidden file was not listed in the results from the file command.

Remembering from a previous CTF that Cyberchef can help to decrypt files, I ran the file on Cyberchef and viola!

Flag

Flag: flag{h0wt0unz1pan43xtracta_7ile}

Pretty Sunset (Rare)#

description
I took a tree-mendous amount of time taking this photo. ๐Ÿ˜‰

For this challenge, we are given a .jpg file - PrettySunset.jpg

Here is a look at the picture:

Photo

I decided to run this using an online steganography tool and Viola!

flaghidden

Note: I missed this flag 3 times cause it was reallllly hidden like a pro

Flag: flag{Hidden_l1ke_a_pro}

T-Rex? (Rare)#

description
Find a password that starts with "A".The third character must be "t".The password must end with "o".The third last character must be a number between 0 to 9.

We are given a zip file for the challenge - 33333pass.zip

Inside the zip file contains a text file - 33333pass.txt

I managed to solve this using the following script:

script
file = open("wordlist","r")number_list = ["1","2","3","4","5","6","7","8","9","0"]for line in file:    word = line.strip()    if word[0] == "A" and word[2] == "t" and word[len(word)-1] == "o" and word[len(word)-3] in number_list:        print("flag{"+word+"}")        break

Flag: flag{Aetowoo4ohm7ET0Wee2pheew2Ep4oo}

Simple PDF (Rare)#

description
Find the secret hidden within this PDF file.

For this challenge, a PDF file was provided - Images.pdf

I tried the usual methods of running strings and exiftool on the file, but they gave no real leads.

In the end, I opted to run binwalk on the file and found this:

binwalk

After converting all the files into the correct format, I opened one the picture files and until I found the correct file eventually:

hiddenflag

Flag: flag{h3110_p8f_h1443n}