GeorgeBanu

flag-is-hidden

Description

The flag is hidden in the attached file. Can you find it?

PS: stegano tools can "rock your" score


First of all, let’s download the file and see what kind of file it is. It seems to be an apk file. I usually start by analyzing the file using the basic stegano tool exiftool to get some info about the file. After that I used a tool that extracts data using headers, footers and data structures.

foremost -i flag.apk

The output is more friendly and I get the audit.txt file and jpg, png and zip directories. So let’s analyze them.
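What header/footer carving, the technique foremost applies here, looks like in code. This is an added example, not part of the original writeup and not foremost's implementation; the `carve` function, the signature table and the sample bytes are constructed for illustration.

```python
# Added example: minimal header/footer carver (illustrative, not foremost's code).
# Each entry maps a file type to its (header magic, footer magic).
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),              # SOI marker ... EOI marker
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),   # PNG magic ... IEND chunk + CRC
}


def carve(blob: bytes):
    """Return sorted (offset, kind, data) for every header..footer span in blob."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = 0
        while (start := blob.find(header, pos)) != -1:
            end = blob.find(footer, start + len(header))
            if end == -1:
                break  # header with no footer: truncated file or false positive
            end += len(footer)
            # Caveat: the first footer wins, so a JPEG with an embedded EXIF
            # thumbnail would be cut short at the thumbnail's own EOI marker.
            found.append((start, kind, blob[start:end]))
            pos = end
    return sorted(found)


def sample_blob():
    """Constructed container: a ZIP-like local header with two images stored raw."""
    jpg = b"\xff\xd8\xff\xe0" + b"JFIF-constructed-body" + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"constructed-chunks" + b"IEND\xaeB`\x82"
    blob = b"PK\x03\x04" + b"\x00" * 26 + jpg + b"padding" + png + b"PK\x05\x06"
    return blob, jpg, png


if __name__ == "__main__":
    blob, _, _ = sample_blob()
    for offset, kind, data in carve(blob):
        # Carved files are reported by where they start inside the container.
        print(f"{offset:08d}.{kind}  {len(data)} bytes")
```

Carving only recovers files whose bytes sit unmodified inside the container; anything stored compressed has no recognisable header or footer until it is decompressed.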

In jpg I found a jpg file and I tried to analyze it using basic tools.

steghide extract -sf 00001863.jpg
# Output: steghide: could not extract any data with that passphrase!

That makes me think there is something in this jpg file and all I need to do is get the password. I can get the password with stegseek:

stegseek --crack 00001863.jpg ~/Documents/rockyou.txt           
StegSeek 0.6 - https://github.com/RickdeJager/StegSeek

[i] Found passphrase: "1234"
[i] Original filename: "secret.txt".
[i] Extracting to "00001863.jpg.out".

The output file contains the flag, but it seems to be encoded with base64:

echo 'RUNTQ3thM2NmYzdmNGY4MTJjYzRiNTExZjZkZTRkYzE1MDQyMmY0OWU4MTdjMGY2MTMyMTg1MmE4MWU2YjVmMzk2MWJhfQ=='| base64 -d

Last updated 1 year ago