Secret of the Polyglot (picoCTF 4)

Challenge Author:

Difficulty: Easy

Description

The Network Operations Center (NOC) of your local institution picked up a suspicious file. They’re getting conflicting information on what type of file it is. They’ve brought you in as an external expert to examine the file. Can you extract all the information from this strange file?

Process / Notes

  1. Probably going to need to use the file command. Potentially exiftool as well.
  2. The file is pdf format, but file reveals that it’s a 50x50 png.
  3. cat didn’t do much.
  4. Installing libimage-exiftool-perl (extended exiftool for kali)
  5. Not much in the metadata that seems of note.
  6. Didn’t have permission to run it, and don’t feel like changing that.
  7. It might be a QR code? Using zbarimg
  8. Nothing here, not a bar code.
  9. md5sum? sha256sum? Nothing there either.
  10. Couldn’t grep it for ‘pico’ either.
  11. Installing graphicsmagick-imagemagick-compat.
  12. Using the display command.
  13. That revealed the flag.
  14. But it wasn’t the whole flag! It just looks like the first half.
  15. hd | grep for the other half of the flag with the “}”?
  16. Nothing there, and nothing with another examination of the meta-data.
  17. 26:20 into this challenge, looking up what to do next.
  18. One walkthrough used the strings command.
    • strings reads the text inside a binary or data file.
  19. From another tutorial, it sounds like you can see that a png and a pdf file have both been mashed together when viewing the hex dump (explaining the conflicting file type information in the challenge description). The break between the two is where it says PNG, and PDF later on.
  20. file identifies it as a PNG because the PNG flag comes first in the hex.
  21. Just opening as a pdf by clicking on it gets the other half of the flag.
  22. Deleting this file because it weirds me out.

41 minutes 51 seconds to complete

Hints

  1. This problem can be solved just opening the file in different ways.

Core Lessons

  1. There are many ways to examine a file:
    • cat to look at the text contents
    • file to look at the file type
    • strings to look at the strings within the binary
    • hd to view the hex dump of the file
    • exiftool to examine the meta-data
    • Just opening the file normally.
  2. It may take cycling through a lot of them in order to find the type of information you need.