Tags: exiftool forensics binwalk
Rating:
# The Missing Journalist - Forensics
Author - [Sanjay Baskaran](http://github.com/sanjaybaskaran01)
Requirements: Binwalk,exiftool
(If any of the images aren't loading, please check the original [writeup](https://github.com/csivitu/CTF-Write-ups/tree/master/Deconstruct.f/Forensics/The%20Missing%20Journalist))
---
## Source
```
It's been a year since you've been a private investigator and you've made quite a name for yourself. You sit there thinking about all the weird cases you've managed in the last year when suddenly, a person bursts through your door saying something about her missing husband. You finally gather that her husband, a renowned journalist who was tracking down a serial killer has suddenly gone missing since last night. The hysterical wife has provided you with a picture of how he looks like. Do you take the case?
```
![](https://raw.githubusercontent.com/csivitu/CTF-Write-ups/master/Deconstruct.f/Forensics/The%20Missing%20Journalist/the_journalist.gif)
## Exploit
Running the command `strings the_journalist.gif` gave us
As you can see there was a hidden directory `message/`, We used binwalk to extract the hidden files in the GIF. The PDF present inside was password protected.
Running exiftool on the GIF gave us
which seemed to be a base64 encoded string
Decoding it got us "`h3_w45_l45t_s33n_4t_th4_m0v135`" and voila! this was the password of the PDF and that finally gave us..
The flag:
```
dsc{1_f0und_h1m_4nd_h35_my_fr13nd}
```