Day and Night
task
Los Angeles is so different and beautiful at night. The key to taking such beautiful photos is to do it in BLACKANDWHITE, and always point your camera towards the skyline, facing out, I guess.
Author: Jerry
Tags: steg
writeup
Let’s grab this jpg file!
    wget https://acmcyber.com/static/files/7983b9ad984e324b/los_angeles.jpg
Here is the image.
Let’s look at its metadata using exiftool:
    exiftool los_angeles.jpg
    ExifTool Version Number : 12.44
    File Name : los_angeles.jpg
    Directory : .
    File Size : 119 kB
    File Modification Date/Time : 2022:11:17 08:13:57+01:00
    File Access Date/Time : 2022:11:17 17:23:13+01:00
    File Inode Change Date/Time : 2022:11:17 17:23:08+01:00
    File Permissions : -rw-r--r--
    File Type : JPEG
    File Type Extension : jpg
    MIME Type : image/jpeg
    JFIF Version : 1.01
    Resolution Unit : None
    X Resolution : 1
    Y Resolution : 1
    Image Width : 900
    Image Height : 600
    Encoding Process : Baseline DCT, Huffman coding
    Bits Per Sample : 8
    Color Components : 3
    Y Cb Cr Sub Sampling : YCbCr4:2:0 (2 2)
    Image Size : 900x600
    Megapixels : 0.540
Nothing interesting so far.
Since we know this is a challenge from the steg category we can use stegdetect to detect any kind of jpg steganography:
    stegdetect ./los_angeles.jpg
    ./los_angeles.jpg : negative
However, it reports back as negative.
If we check the strings at the beginning of the jpg file, we see something is added:
    strings ./los_angeles.jpg
    JFIF
    $.' ",#
    (7),01444
    '9=82<.342
    !22222222222222222222222222222222222222222222222222
    $3br
    %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
    #3R
    &'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
    J1KE
    .)qI
    1E.(
    n)1O
    1@ E-
    @ E-
    @ E-
    @ E-
    @ E.(
After looking at the sheets for recommended steg tools for this CTF:
https://docs.google.com/presentation/d/1BjNLvf3msw5saI7xFt4w1JHsQ9a5mQurZhl_n4N0dh4/edit#slide=id.g18416d9516a_1_301
there is one tool listed that sticks out here: Outguess, because the challenge description mentions this:
"facing out, I guess."
The usage for the tool outguess looks like this:
    outguess -h
    OutGuess 0.4 Universal Stego 1999-2021 Niels Provos and others
    outguess [options] [<input file> [<output file>]]
    -h print this usage help text and exit
    -[sS] <n> iteration start, capital letter for 2nd dataset
    -[iI] <n> iteration limit
    -[kK] <key> key
    -[dD] <name> filename of dataset
    -[eE] use error correcting encoding
    -p <param> parameter passed to destination data handler
    -r retrieve message from data
    -x <n> number of key derivations to be tried
    -m mark pixels that have been modified
    -t collect statistic information
    -F[+-] turns statistical steganalysis foiling on/off.
    The default is on.
We need to supply the -r flag to tell outguess to retrieve data from the image.
Also, we need to supply a key.
I think it is pretty obvious that the key is BLACKANDWHITE because it is written in capital letters in the challenge description.
All we need to do to get the flag should be this:
    outguess -k BLACKANDWHITE -r los_angeles.jpg outguess
That worked.
Let’s see what we got:
    file outguess
    outguess: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
It is a png image file, so let’s rename it to a proper file extension:
    mv outguess outguess.png
here is the image:
That is a QR Code!
We can simply use the recipe Parse QR Code on CyberChef to retrieve the flag!
And we can see the flag is: flag{pandas_zebras_and_orcas}