Write-up author: jon-brandy
Try to find out the secret which is hiding inside of these pictures and learn the truth about Mona Lisa!
- NONE
- First, unzip the
.zip
file given.
RESULT
- Let's strings monalisa.
RESULT
- It looks like there are hidden files inside. Now extract it using binwalk, then jump to the extracted directory.
RESULT
- Yep, just like what we thought!
- Hmm.. let's try to unzip the
famous
one.
RESULT
- Use
fcrackzip
to get the pass.
fcrackzip -D -u -p /usr/share/wordlists/rockyou.txt famous.zip
RESULT
- Unzip it again.
- Hmm.. let's use stegsolve.
- Well i got nothing.
- Let's try to strings
Plans.jpg
.
RESULT
- Check the youtube video.
RESULT
- No clue.
- Let's strings the last file.
- Well got not clue either. But the file name caught my attention, the clue here is referring to
steghide
(?). - Let's try to use it and insert the pass as
TOM
("TOM" is displayed at the image)
RESULT
- There we go! Strings it.
RESULT
- Hmm.. What comes to my mind is, this password is for
Mona.jpg
. But first, the password looks like hashed (might be in MD5, since it's the common hash algorithm in CTF), try to crack it with online md5 cracker.
RESULT
- Let's use it to mona.
RESULT
- Hmm.. use it to plans then.
RESULT
- Stuck for a while here, but when i check the youtube's link we got.
- I tried to use the
Guernica
as the password. - Turns out it's correct.
RESULT
- Strings the key.
RESULT
- It's encoded in base64 , decode it.
RESULT
DECODE IT AGAIN
DECODE IT AGAIN
- Got the flag!
HTB{M0n@_L1z@_!s_D3@D}