information (picoCTF 33)

Challenge Author: SUSIE

Category: Forensics

Difficulty: Easy

Description

Files can always be changed in a secret way. Can you find the flag?

Process / Notes

  1. Download the file (cat.jpg) with wget
  2. Inspect it with file, cat, strings, and hexdump, piping the output to grep -i 'pico'
  3. There is a ‘picoCTF’ line or two in there!
  4. Run exiftool on the file
  5. The ‘Current IPTC Digest’ value looks like it may be hex encoded, and the ‘License’ value looks like it may be base64 encoded
  6. Decoding the ‘License’ value with base64 -d revealed the flag!
  7. Checked the other value (‘Current IPTC Digest’) out of curiosity – nothing seemed to be there

4 minutes 25 seconds to complete
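
An added example, not part of the original write-up: steps 4 to 7 as a shell function that reads exiftool-style `Tag : Value` lines and reports only the values that decode from base64 to printable text. The function names, the sample metadata, the flag, and the digest value (the MD5 of empty input) are constructed for illustration, and the 16-character minimum is an assumed threshold.

```shell
#!/bin/sh
# Added example: flag exiftool-style "Tag : Value" lines whose value is
# base64 that decodes to printable text.

find_b64_fields() {
    while IFS= read -r line; do
        case $line in *:*) ;; *) continue ;; esac
        # Split on the first colon; values may contain colons themselves.
        tag=$(printf '%s' "${line%%:*}" | sed 's/[[:space:]]*$//')
        value=$(printf '%s' "${line#*:}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        # Assumed threshold: short values match base64 by accident too often.
        [ "${#value}" -ge 16 ] || continue
        case $value in *[!A-Za-z0-9+/=]*) continue ;; esac
        printf '%s' "$value" | base64 -d >/dev/null 2>&1 || continue
        # A hex digest is also valid base64, but it decodes to binary bytes.
        # Count decoded bytes that are not printable ASCII and require zero.
        bad=$(printf '%s' "$value" | base64 -d 2>/dev/null |
              LC_ALL=C tr -d '[:print:]' | wc -c)
        [ "$bad" -eq 0 ] || continue
        printf '%s => %s\n' "$tag" "$(printf '%s' "$value" | base64 -d)"
    done
}

# Constructed sample in exiftool's output layout (not the challenge file's data).
sample_metadata() {
    license=$(printf '%s' 'picoCTF{constructed_sample_flag}' | base64)
    cat <<EOF
File Name                       : cat.jpg
File Type                       : JPEG
Current IPTC Digest             : d41d8cd98f00b204e9800998ecf8427e
License                         : $license
EOF
}

sample_metadata | find_b64_fields
```

On a real file, pipe the tool's output into the function: `exiftool cat.jpg | find_b64_fields`.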

Hints

Core Lessons

  1. Know how to access a file’s metadata with a tool like ‘exiftool’
  2. Recognize base64 encoding
  3. Know how to decode base64 into plaintext