Capture the Flag

Musyoka Ian
4 min read, Mar 9, 2020


Hello guys, today I am going to do a write-up on a simple capture the flag challenge that my friend sent me. It requires basic knowledge of Linux commands and when to use them, and also a little bit of steganography. Let’s get started.

We have a Zip archive file and we need to extract it to get at its contents.

But when we try to unzip the file we get a prompt that a password is required, and we don’t have a password for the zip file. Now things start getting complicated. Luckily Linux comes with tools that can help brute-force a zip archive, namely fcrackzip and John the Ripper. For this tutorial I’ll be using John the Ripper. First I need to convert the zip file into a hash format using zip2john, then crack the hash using John the Ripper and the rockyou wordlist.

This gives a long line of hash which I decided to save into a file using the command below. The hash was saved in a file called hash.hash.

zip2john ctf.zip > hash.hash
ver 81.9 ctf.zip/Griffith_Observatory.png is not encrypted, or stored with non-handled compression type
ver 81.9 ctf.zip/Hacker.docx is not encrypted, or stored with non-handled compression type

Now it’s time to crack the hash using John the Ripper.

Since I had already cracked the password before, it was already stored in a potfile and all I had to do was retrieve it using the --show option of John the Ripper. It revealed the password is welcome. Who could have guessed? Now let’s unzip the archive.

We get an image file and a document. On opening the document we get just a published article from Wikipedia, which ended up being a rabbit hole, so I decided to focus my attention on the image file.

Hope you’ve heard of steganography before, and if not I’ve left a link to check out. Basically it is the practice of concealing a file, message, image, or video within another file, message, image, or video. I decided to run strings on the image but got nothing interesting.

I decided to use another tool in Linux called binwalk. It comes preinstalled in Kali Linux and Parrot OS, and voila!

We find another zip archive that is embedded in the image. We can use binwalk to extract the zip archive.

The extracted files were saved under _Griffith_Observatory.png.extracted as shown above. Now let’s inspect the files that were extracted.

Running the file command we see that hidden_binary is an executable. Before I started up a reverse engineering app I decided to run the strings command on it, and voila!!! We got the flag.
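The binwalk and strings steps above, as an added Python example that is not part of the original write-up: it walks the PNG chunk list, carves any ZIP local-file header appended after the IEND chunk, lists the archive's members in memory and scans them for a flag-shaped string, which is the same check a triage script would run on a suspicious image. The 1x1 PNG, the embedded archive, the member name hidden_binary and the flag value are constructed inline as samples, not the challenge's real files.

```python
import io
import re
import struct
import zipfile
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
ZIP_LOCAL_HEADER = b"PK\x03\x04"   # signature of a ZIP local file header

def png_end_offset(data):
    """Walk the PNG chunk list and return the offset just past the IEND chunk."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4            # chunk header + data + CRC
        if ctype == b"IEND":
            return pos
    raise ValueError("no IEND chunk found")

def carve_trailing_zip(data):
    """Return the bytes of a ZIP glued on after the image, or None (what binwalk flagged)."""
    idx = data.find(ZIP_LOCAL_HEADER, png_end_offset(data))
    return None if idx == -1 else data[idx:]

def extract_members(zip_bytes):
    """Map each member name to its content, like binwalk -e but in memory."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {name: zf.read(name) for name in zf.namelist()}

def find_flags(blob):
    """The 'strings | grep flag' step: printable flag{...} tokens inside a binary."""
    return re.findall(rb"flag\{[0-9A-Za-z_]+\}", blob)

def _chunk(ctype, body):
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def build_sample():
    """Constructed sample (hypothetical): a 1x1 PNG with a ZIP holding 'hidden_binary' appended."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)      # 1x1 pixel, 8-bit RGB
    png = PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(b"\x00\x00\x00\x00")) + _chunk(b"IEND", b"")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("hidden_binary", b"\x7fELF\x02\x01\x01\x00junk\x00flag{constructed_sample_flag}\x00")
    return png + buf.getvalue()

if __name__ == "__main__":
    members = extract_members(carve_trailing_zip(build_sample()))
    print({name: find_flags(body) for name, body in members.items()})
```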

We get the flag, though it looks somewhat distorted, but nonetheless it’s our flag. Putting it in a readable format:

flag{2Hfbe9adc2Had89c71dHa48cabe9H0a121c0}

And we are done.

I decided to take it a step further and analyze the binary with the IDA reverse engineering software. The flag was in the main function of the program, as seen below.

Hope you guys have learnt something new. Until next time, peace guys.



Written by Musyoka Ian

Penetration Tester/Analytical Chemist who Loves Cybersecurity. GitHub(https://github.com/musyoka101), ExploitDB(https://www.exploit-db.com/?author=10517)
