PicoCTF Writeup – information
# Information:
CTF Name: PicoCTF
CTF Challenge: information
Challenge Category: Forensics
Challenge Points: 10
picoCTF 2021.
# Used Tools:
- Linux
- exiftool
- Base64
# Challenge Description:
Files can always be changed in a secret way. Can you find the flag? cat.jpg
Hints:
# Writeup:
Hello, and welcome to another picoCTF challenge write-up. First, I downloaded the image (that you can obtain under “Description”).
Step 1:
In this picoCTF, we are searching for information hidden in the image. For that, we have downloaded the tool exiftool¹ to see the image metadata².
To install the exiftool we have used the following command:
Once the tool was installed, we used it like so:
We saw in the image above that there where some weird information, in particular in License and Current IPTC Digest. It look to us like base64. We decided to try that theory…:
Step 2:
We used the Base64 decoder to decode the content stored in “Current IPTC Digest” which was: 7a78f3d9cfb1ce42ab5a3aa30573d617
But the output was no flag.
Finally, we used the Base64 decoder to decode the content stored in “License” which was: cGljb0NURnt0aGVfbTN0YWRhdGFfMXNfbW9kaWZpZWR9
And there was our flag.
You can see this last attempt in the image below.
The flag:
Footnotes:
¹The exiftool is a tool used to read, write (among other things) metadata on images, pdfs and others.
²The metadata gives information about the data of a file. Information like: date; location; file type; among other things.
Thank you very much for reading!
Cheers,
SoBatista