Sombrero CTF Write-up
About a year ago I was challenged by someone in a WhatsApp group to tackle a very interesting CTF. What I can say is that I had lots of fun.
You can find it here.
Steganography on the image
Since the only clue was an image. I figured out that the only way that I could get more information was by searching for hidden information in the image. After tinkering with opacity and colors I decided to use CLI tools to dig deeper.
I found a short introduction and some written morse code.
I used an online tool to decode the morse code.
This got me a pass-phrase that allowed me to extract more information from the image (which was still my only source of information, so it was obvious) with a tool called steghide.
Reading the packet file
The file extracted by steghide was a “pcap-ng capture” file.
I therefore used Wireshark to examine this file. After some analysis it was clear that 2 files were being downloaded in the packets captured. (colosseum.png and messier.jpg). I extracted the two files.
Ceaser in town
From the extracted files, one file was QR code which then showed a Bible verse, Matthew 22:21(Shockingly!!) and the other file was an image.
I again thought that there was a hidden message in the image. I used the strings tool again on meisser.jpg.
I ran it on an online decoder and found out it was a ceaser cipher.
Only after decoding did I realize that the Bible verse was a clue. I tried extracting files from messier.jpg using the phrase and parts of the phrase. I failed.
But after Googling and finding out that the quote was by Claude Shannon, I
gave that a few more tries. The passphrase was “claude shannon” (That was
stressful, thanks!) This extracted meisser.zip.
After examining the proceedings.pdf file properly, I was able to determine that it had hidden files within it.
I then extracted all the files hidden in the document.
There was a zip file in the extracted called 280B.zip. I tried unziping it but it required a password. I used the decrypted password to extract the files(alan.wav and imagine.zip) successfully.
alan.wav was a recorded morse code(yet again, morse code!). imagine.zip was of course a zip file. But also imagine.zip required a password. Decrypting the morse code audio gave me the password. This extracted the eureka text file. I made it and now we are here!
(PS: Clairvoyance was a good touch) Thank you for the challenge sir. Learned a lot.