Pragyan 2020 - Pretty Peculiar Pokemon

Posted on mer. 26 février 2020 in CTF

Pretty Peculiar Pokemon (150pts)
Solved by: 12%

First solvers: metusec
Ash is on his mission to become world's best pokemon master. On his way he finds an amazing pokemon named charlizard, which he intends to catch in his pokeball. But he finds out that the last pokeball he had was missing. Maybe some pokemon took it. Can you help ash to find that hidden pokemon to get his pokeball back?
Here's a file you will need on this mission.
But try to find the perfect path, it can be a "timewaste", i assure you.

We have an archive with a lot of files inside:

tree
.
├── pokemon
│   ├── abomasnow.png
│   ├── abra.png
│   ├── absol.png
[...]
│   ├── .pikachu
│   ├── pikachu.png
[...]
│   ├── zweilous.png
│   └── zygarde-50.png
└── pokemondata.pdf

1 directory, 810 files

We need to open the first PDF pokemondata.pdf. A word is used with quote on the description. Let's try it. And it works!

|Name|Type1|Type2|
|---|---|---|
|bulbasaur|Grass|Poison|
|ivysaur|Grass|Poison|
|venusaur|Grass|Poison|

It's 18 pages of Pokemon name and its types. But, one line is strange: bGV0bWVzbGVlcA== (page 18).

$ echo "bGV0bWVzbGVlcA==" | base64 -d
letmesleep

Hum, a new word. Maybe a password for another PDF or file. We found a hidden folder .pikachu with a password protected password may.pdf. But, this word doesn't work.

Maybe something is hidden in one of the Pokemon pictures. Let's short them by size.

$ ls -lSh
total 3936
-rw-r--r-- 1 nlegall nlegall 68K févr. 23 03:24 jigglypuff.png

Ok, huge size for a small picture and all the other files are around 3K. Maybe the word before can be used with steghide to extract some extra file:

$ steghide extract -sf jigglypuff.png
Enter passphrase: 
wrote extracted data to "galf.txt".
$ cat galf.txt
Congrats you found the hidden flag

p_ctf{j!gglypuff_w@n1$_10_$leep_n0w}