RTCP - BASmati ricE 64
Posted on sam. 25 janvier 2020 in CTF
solves : 38
Point : 150
There's a flag in that bowl somewhere...
Replace all zs with _ in your flag and wrap in rtcp{...}.
We have a nice bowl of rice as the file :
Ok, let's try steghide
to get some information about the file:
$ steghide info rice-bowl.jpg
"rice-bowl.jpg":
format: jpeg
capacity: 3,3 KB
Try to get information about embedded data ? (y/n) y
Enter passphrase:
A password is asked to show the information. Hum, maybe the password is empty:
$ steghide info rice-bowl.jpg
"rice-bowl.jpg":
format: jpeg
capacity: 3,3 KB
Try to get information about embedded data ? (y/n) y
Enter passphrase:
embedded file "steganopayload167748.txt":
size: 21,0 Byte
encrypted: rijndael-128, cbc
compressed: yes
$ steghide extract -sf rice-bowl.jpg
Enter passphrase:
wrote extracted data to "steganopayload167748.txt".
YEAH! We extract with success the file. The content is quite stange:
cat steganopayload167748.txt
�I��Y��;a�x9�
��y��=�
Maybe we don't need to decode, but encode its content. Base64 is a good start to try with it:
$ cat steganopayload167748.txt| base64
s0m3t1m35zth1ng5zAr3z3nc0D3d
$ cat steganopayload167748.txt| base64 | sed 's/z/_/g'
s0m3t1m35_th1ng5_Ar3_3nc0D3d
And we got the flag : rtcp{s0m3t1m35_th1ng5_Ar3_3nc0D3d}
.