PicoCTF Writeup – m00nwalk2

# Information:

CTF Name: PicoCTF

CTF Challenge: m00nwalk2

Challenge Category: Forensics

Challenge Points: 300

picoCTF 2019

# Used Tools:

  • QSSTV
  • pavucontrol

# Challenge Description:

Revisit the last transmission. We think this transmission contains a hidden message. There are also some clues clue 1clue 2clue 3.

Hints: Use the clues to extract the another flag from the .wav file

# Writeup

Hello, and welcome to another challenge writeup. In this one we are provided with 3 clues and a message. All this files are .wav files. From the challenge m00nwalk we know how to convert .wav files into images. So let’s start by doing that.

Step 1

As in he previous challenge I decided to use QSSTV and pavucontrol because I am on a Linux machine. I launched each of them in the terminal, and then I created a virtual connection between them. (See the post m00nwalk to better understand the steps).

After everything launched and the configuration properly set I simply triggered the tool to start decoding one image at a time.

After they were all finished I was presented with this set of images:

The above 4 images are respectively clue 1, clue 2, clue 3 and message.

We now have the clues, let’s try to make sense of them and get the flag!!

Step 2

The clues are:

  • On the first clue we have “Password hidden_stegosaurus”.
  • On the second clue we have “The quieter you are the more you can HEAR”
  • And finally on the third clue we have “Alan Eliasen the FutureBoy”

I found this set of clues weird at first. I decided to search online for Alan Eliasen the Future Boy and I found this website.

The website has a list of tools developed by “Futureboy”, among these tools we have a Steganography tool.

I think it has something to do with Steganography because, well, first “Steganography is the practice of hiding a secret message in something that is not secret.” (Reference: CompTIA) and also because we have a clue: “hidden_stegosaurus” which also points to that.

I decided to open the link to theSteganography tool. It turns out that this tool uses the “steghide program to perform steganography”.

Step 3

I tried to decode on the website but it was not working with the PNG so I used the WAV. For the password I first tried HEAR, then hear, and no luck. Finally I tried hidden_stegosaurus (which is so obvious I thought it could not be it, but it turns out … it was!) and it worked.

And the flag is:

Show flag
picoCTF{the_answer_lies_hidden_in_plain_sight}


Thank you very much for reading!

Cheers,

MRegra


Share this post:

Popular posts

Leave a Reply

Your email address will not be published. Required fields are marked *