hideme

~# cat Question

Every file gets a flag. The SOC analyst saw one image been sent back and forth between two people. They decided to investigate and found out that there was more than what meets the eye here.
FILE: flag.png

Since this file was a png file, I used exiftool to carve out any other files that are hidden. Using the -e to extract, low and behold we have extracted different hidden files.

┌──(tev㉿kali)-[~/pico]
└─$ binwalk -e flag.png        

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             PNG image, 512 x 504, 8-bit/color RGBA, non-interlaced
41            0x29            Zlib compressed data, compressed
39739         0x9B3B          Zip archive data, at least v1.0 to extract, name: secret/
39804         0x9B7C          Zip archive data, at least v2.0 to extract, compressed size: 2858, uncompressed size: 3015, name: secret/flag.png
42897         0xA791          End of Zip archive, footer length: 22

Upon extracting I got _flag.png.extracted, and discovered a secret directory in it. The secret directory contains yet another intriguing file flag.png.

┌──(tev㉿kali)-[~/pico]
└─$ cd _flag.png.extracted       
                                                                                   
┌──(tev㉿kali)-[~/pico/_flag.png.extracted]
└─$ ls
29  29.zlib  9B3B.zip  secret
                                                                                   
┌──(tev㉿kali)-[~/pico/_flag.png.extracted]
└─$ cd secret             
                                                                                   
┌──(tev㉿kali)-[~/pico/_flag.png.extracted/secret]
└─$ ls
flag.png

To see what is inside flag.png, we can use eog, to view the flag.png. This will give us the flag.

┌──(tev㉿kali)-[~/pico/_flag.png.extracted/secret]
└─$ eog flag.png

Flag: picoCTF{Hidding_An_imag3_within_@n_ima9e_96539bea}

PreviousPcapPoisoning Nextwho is it

Last updated 7 months ago