PicoCTF Writeup – m00nwalk2
# Information:
CTF Name: PicoCTF
CTF Challenge: m00nwalk2
Challenge Category: Forensics
Challenge Points: 300
picoCTF 2019
# Used Tools:
- QSSTV
- pavucontrol
# Challenge Description:
Revisit the last transmission. We think this transmission contains a hidden message. There are also some clues clue 1, clue 2, clue 3.
Hints: Use the clues to extract the another flag from the .wav file
# Writeup
Hello, and welcome to another challenge writeup. In this one we are provided with 3 clues and a message. All this files are .wav files. From the challenge m00nwalk we know how to convert .wav files into images. So let’s start by doing that.
Step 1
As in he previous challenge I decided to use QSSTV and pavucontrol because I am on a Linux machine. I launched each of them in the terminal, and then I created a virtual connection between them. (See the post m00nwalk to better understand the steps).
After everything launched and the configuration properly set I simply triggered the tool to start decoding one image at a time.
After they were all finished I was presented with this set of images:
The above 4 images are respectively clue 1, clue 2, clue 3 and message.
We now have the clues, let’s try to make sense of them and get the flag!!
Step 2
The clues are:
- On the first clue we have “Password hidden_stegosaurus”.
- On the second clue we have “The quieter you are the more you can HEAR”
- And finally on the third clue we have “Alan Eliasen the FutureBoy”
I found this set of clues weird at first. I decided to search online for Alan Eliasen the Future Boy and I found this website.
The website has a list of tools developed by “Futureboy”, among these tools we have a Steganography tool.
I think it has something to do with Steganography because, well, first “Steganography is the practice of hiding a secret message in something that is not secret.” (Reference: CompTIA) and also because we have a clue: “hidden_stegosaurus” which also points to that.
I decided to open the link to theSteganography tool. It turns out that this tool uses the “steghide program to perform steganography”.
Step 3
I tried to decode on the website but it was not working with the PNG so I used the WAV. For the password I first tried HEAR, then hear, and no luck. Finally I tried hidden_stegosaurus (which is so obvious I thought it could not be it, but it turns out … it was!) and it worked.
And the flag is:
Thank you very much for reading!
Cheers,
MRegra