
Embedded

Forensics | Level 1 - Embedded

Challenge

We have received an image that is hiding something. See if you can find the secret.

Download Image

Solution

Solution Guide

This is a steganography challenge. There are many tools for steg challenges, and solving them usually involves trial and error. It's a good idea to first run the Linux command strings on the file to see what we can find. If you run it on this file, you will see "flag.txt" towards the end. This suggests that there is a hidden file embedded in this PNG image! There are many tools to extract such files, with the most common being Binwalk, Zsteg, Foremost, and Outguess (in that order). Let's start with binwalk.

To see potential hidden files inside a file, we can use the command binwalk <file>. Upon running this on our target image, you may see multiple files show up with the most notable being:

1022019       0xF9843         Zip archive data, at least v2.0 to extract, name: flag.txt

It seems that there is indeed a hidden file, specifically a Zip archive containing a flag.txt. We can extract the files with the command binwalk -e <file>, which writes the extracted files to the directory _<filename>.extracted. Inside, you will find the flag.txt with the flag!

This challenge is also solvable with the online tool Aperisolve, which automates tools including Binwalk.

warning

Aperisolve has very unreliable uptime, especially during competitions. Learn to solve without it.

Credits

  • Author(s): Divesh Gupta (legendile7)