CTFtime.org / Quals: Saudi and Oman National Cyber Security CTF / Hack a nice day / Writeup

# Quals Saudi and Oman National Cyber Security CTF 2019 – Hack a nice day

* **Category:** Digital Forensics
* **Points:** 100

## Challenge

> can you get the flag out to hack a nice day. Note: Flag format flag{XXXXXXX}
>
> [https://s3-eu-west-1.amazonaws.com/hubchallenges/Forensics/info.jpg](https://s3-eu-west-1.amazonaws.com/hubchallenges/Forensics/info.jpg)

## Solution

This is a steganography challenge.

![info.jpg](https://github.com/m3ssap0/CTF-Writeups/raw/master/Quals%20Saudi%20and%20Oman%20National%20Cyber%20Security%20CTF%202019/Hack%20a%20nice%20day/info.jpg)

Opening the image with an hexadecimal editor will reveal a string at `0x18`: `badisbad`.

Probably something was hidden inside the image with that passphrase. *steghide* can be used to analyze it.

```
$ steghide --info info.jpg
"info.jpg":
format: jpeg
capacity: 300.0 Byte
Try to get information about embedded data ? (y/n) y
Enter passphrase: badisbad
embedded file "flaggg.txt":
size: 21.0 Byte
encrypted: rijndael-128, cbc
compressed: yes
```

*steghide* can be also used to extract hidden content.

```
$ steghide --extract -sf info.jpg -p badisbad
wrote extracted data to "flaggg.txt".
```

The file contains the flag.

```
flag{Stegn0_1s_n!ce}
```

Original writeup (https://github.com/m3ssap0/CTF-Writeups/blob/master/Quals%20Saudi%20and%20Oman%20National%20Cyber%20Security%20CTF%202019/Hack%20a%20nice%20day/README.md).

Hack a nice day

Comments

Sign in with