Szczygielka's hacking notes
  • 🚀Welcome
  • 💻Hack The Box Writeups
    • Linux Machines
      • Busqueda
      • Zipping
      • Clicker
      • Pilgrimage
    • Windows Machines
      • Aero
      • Visual
  • 🚩CTFs Writeups
    • KnightCTF 2024
      • OS, Password, IP Addr, Note, Execution, Path of the Executable, Malicious - Forensics
      • Flag Hunt! - Steganography
      • Oceanic - Steganography
      • README - Web
    • TetCTF 2024
      • TET & 4N6 - Misc/Forensics
    • 0xL4ugh CTF 2024
      • Wordpress - 1 - Forensics
      • Wordpress - 2 - Forensics
      • Gamer - 5 - Forensics
    • 1753CTF 2024
      • Resume - Misc
    • UTCTF 2024
      • OSINT 1 - Forensics
      • OSINT 2 - Forensics
      • Contracts - Forensics
      • Survey - Forensics
      • simple signature - Crypto
      • Anti-dcode.fr - Crypto
      • bits and pieces - Crypto
    • RITSEC CTF 2024
      • Curiosity Helped the Cat - Forensics
      • Failed File Transfer - Crypto
      • Dastardly Evil Scientists - Crypto
      • Secret Door - Misc
      • Guess – Reversing
    • Cyber Apocalypse 2024: Hacker Royale
      • Russian Roulette - Blockchain
      • Recovery - Blockchain
      • Primary Knowledge - Crypto
Powered by GitBook
On this page
  • Task
  • Solution
  1. CTFs Writeups
  2. KnightCTF 2024

Oceanic - Steganography

PreviousFlag Hunt! - SteganographyNextREADME - Web

Last updated 1 year ago

Task

The flag is somewhere in the deep.

Solution

We get the following file:

szczygielka@hacks$ file challenge.tar                                            
challenge.tar: POSIX tar archive (GNU)

Let's unpack the archive:

szczygielka@hacks$ tar -xvf challenge.tar 
clue.jpg
peaceful.wav

After unpacking the archive, we get two files: clue.jpg and peaceful.wav. The first one probably shows the ocean:

Let's check this file with exiftool whether it contains any interesting metadata:

szczygielka@hacks$ exiftool clue.jpg  
ExifTool Version Number         : 12.57
File Name                       : clue.jpg
Directory                       : .
File Size                       : 20 kB
File Modification Date/Time     : 2024:01:04 06:25:01-05:00
File Access Date/Time           : 2024:02:10 14:40:18-05:00
File Inode Change Date/Time     : 2024:02:10 14:40:18-05:00
File Permissions                : -rw-r--r--
File Type                       : JPEG
File Type Extension             : jpg
MIME Type                       : image/jpeg
JFIF Version                    : 1.01
Resolution Unit                 : inches
X Resolution                    : 300
Y Resolution                    : 300
Comment                         : 8qQd3iMYmtsyto7aXUuw1KVRpQFCRxqRtJiRgP85e36y
Image Width                     : 612
Image Height                    : 344
Encoding Process                : Progressive DCT, Huffman coding
Bits Per Sample                 : 8
Color Components                : 3
Y Cb Cr Sub Sampling            : YCbCr4:4:4 (1 1)
Image Size                      : 612x344
Megapixels                      : 0.211

There is a string in the Comment field that appears to be encoded. Let's try to decode it using CyberChef:

It turns out that the string was encoded using Base58. The decoded string seems to be a hint for the task:

theoceanisactuallyreallydeeeepp

Let's look at the second file, peaceful.wav. The audio recording contains the sound of waves.

After entering the password, we can see that the peaceful.wav contains the flag.png file:

Let's extract the flag.png file. The file content looks like this:

After checking the strings in the flag.png file, we find the flag:

szczygielka@hacks$ strings -a flag.png | grep "KCTF{"
KCTF{mul71_l4y3r3d_57360_ec4dacb5}

Flag:

KCTF{mul71_l4y3r3d_57360_ec4dacb5}

After analyzing the hint contained in the clue.jpg file, as well as the information found on , we can assume that another file has been hidden in the audio file, and to unpack it we have to use the DeepSound tool. After uploading the file, we are asked for a password. Let's try to use the decoded hint from the clue.jpg file as a password:

🚩
HackTricks