RTCP - BASmati ricE 64

Posted on sam. 25 janvier 2020 in CTF

solves : 38

Point : 150

There's a flag in that bowl somewhere...

Replace all zs with _ in your flag and wrap in rtcp{...}.

We have a nice bowl of rice as the file :

rice-bowl.jpg

Ok, let's try steghide to get some information about the file:

$  steghide info  rice-bowl.jpg
"rice-bowl.jpg":
  format: jpeg
  capacity: 3,3 KB
Try to get information about embedded data ? (y/n) y
Enter passphrase:

A password is asked to show the information. Hum, maybe the password is empty:

$  steghide info  rice-bowl.jpg
"rice-bowl.jpg":
  format: jpeg
  capacity: 3,3 KB
Try to get information about embedded data ? (y/n) y
Enter passphrase:
  embedded file "steganopayload167748.txt":
    size: 21,0 Byte
    encrypted: rijndael-128, cbc
    compressed: yes
$ steghide extract -sf rice-bowl.jpg
Enter passphrase: 
wrote extracted data to "steganopayload167748.txt".

YEAH! We extract with success the file. The content is quite stange:

cat steganopayload167748.txt                        
�I��Y��;a�x9�
��y��=

Maybe we don't need to decode, but encode its content. Base64 is a good start to try with it:

$ cat steganopayload167748.txt| base64                
s0m3t1m35zth1ng5zAr3z3nc0D3d
$ cat steganopayload167748.txt| base64 | sed 's/z/_/g'
s0m3t1m35_th1ng5_Ar3_3nc0D3d

And we got the flag : rtcp{s0m3t1m35_th1ng5_Ar3_3nc0D3d}.

hack learn ctf rtcp rice tea cat panda forensics image jpg file