PicoCTF Writeup – information

# Information:

CTF Name: PicoCTF

CTF Challenge: information

Challenge Category: Forensics

Challenge Points: 10

picoCTF 2021.

# Used Tools:

  • Linux
  • exiftool
  • Base64

# Challenge Description:

Files can always be changed in a secret way. Can you find the flag? cat.jpg

Hints:

Hint 1
Look at the details of the file
Hint 2
Make sure to submit the flag as picoCTF{XXXXX}

# Writeup:

Hello, and welcome to another picoCTF challenge write-up. First, I downloaded the image (that you can obtain under “Description”).

Step 1:

In this picoCTF, we are searching for information hidden in the image. For that, we have downloaded the tool exiftool¹ to see the image metadata².
To install the exiftool we have used the following command:

Once the tool was installed, we used it like so:

We saw in the image above that there was some weird information, in particular in License and Current IPTC Digest. It looked to us like base64. We decided to try that theory…:

Step 2:

We used the Base64 decoder to decode the content stored in “Current IPTC Digest” which was: 7a78f3d9cfb1ce42ab5a3aa30573d617
But the output was no flag.
Finally, we used the Base64 decoder to decode the content stored in “License” which was: cGljb0NURnt0aGVfbTN0YWRhdGFfMXNfbW9kaWZpZWR9
And there was our flag.
You can see this last attempt in the image below.

The flag:

picoCTF{the_m3tadata_1s_modified}
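The two decoding attempts in Step 2 can be triaged automatically. The sketch below is an added example, not part of the original write-up: it classifies each metadata value as hex, base64 text, or other before anything is decoded. The sample lines are constructed in exiftool's "Tag : value" layout from the two values quoted above, and the function names and length thresholds are assumptions. Every hex digit is also a valid base64 character, so the 32-character "Current IPTC Digest" value passes through a base64 decoder without error and yields only unreadable bytes; that is why the hex test runs first.

```python
import base64
import binascii
import re
import string

# Constructed sample: "Tag : value" lines in the layout exiftool prints,
# using the two values quoted in the write-up.
SAMPLE_OUTPUT = """\
License                         : cGljb0NURnt0aGVfbTN0YWRhdGFfMXNfbW9kaWZpZWR9
Current IPTC Digest             : 7a78f3d9cfb1ce42ab5a3aa30573d617
"""

HEX_RE = re.compile(r"[0-9a-fA-F]+")
B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")
PRINTABLE = set(string.printable.encode())


def classify(value):
    """Return (kind, decoded_text_or_None) for one metadata value."""
    value = value.strip()
    # Hex digits are a subset of the base64 alphabet, so test for hex first.
    # Heuristic: a real base64 string made only of hex digits is reported as hex.
    if len(value) >= 16 and len(value) % 2 == 0 and HEX_RE.fullmatch(value):
        return "hex", None
    if len(value) >= 8 and len(value) % 4 == 0 and B64_RE.fullmatch(value):
        try:
            raw = base64.b64decode(value, validate=True)
        except binascii.Error:
            return "other", None
        # Only report base64 when the decoded bytes are readable text.
        if raw and all(b in PRINTABLE for b in raw):
            return "base64", raw.decode("ascii")
    return "other", None


def triage(exif_text):
    """Map each tag name in exiftool-style output to its classification."""
    results = {}
    for line in exif_text.splitlines():
        tag, sep, value = line.partition(":")
        if sep:
            results[tag.strip()] = classify(value)
    return results


if __name__ == "__main__":
    for tag, (kind, text) in triage(SAMPLE_OUTPUT).items():
        print(f"{tag}: {kind}" + (f" -> {text}" if text else ""))
```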

Footnotes:
¹exiftool is a tool used to read and write (among other things) metadata in images, PDFs and other files.

²Metadata gives information about the data in a file, such as date, location and file type, among other things.


Thank you very much for reading!

Cheers,

SoBatista

