Rating: 0

# Rabbit Hole

> Here's a picture of my favorite vegetable. I hope it doesn't make you cry.

## The setup

We get a simple jpg of an onion. We know it's stego so I started poking there. It took me a very very large amount of time to find it, even thought the fact that it's a jpg seriously limited the possbilities.

## The solving

### Part 1: Extracting from jpg

It ended up being an image processed with steghide. Now all I needed was the password. After some trial and error and remembering the harshells debacle, I ended up trying 'onion' which was correct. I then got a textfile containing a seemingly random string of printable chars.

### Part 2: Onion

The name is a give away: it's a website on the onion network which can be accessed through tor. Not necessarily eager to venture there, I used a web proxy to access the page, which turned out to be a gigantic chunk of chinese characters, as well as some gifs.

Almost. Decoding the blob using base65536 and ddumping it in a binary file finally gave us something recognizable: a PKZIP file. Upon opening it, I was greeted by some dubious ebook which, quite frankly, I simply wans't equipped to deal with at the taime of the night. I had an instant regret the next morning when I simply ran strings on the file and immediately got the flag.