Skip to content

Latest commit

 

History

History
83 lines (63 loc) · 2.95 KB

m00nwalk2.md

File metadata and controls

83 lines (63 loc) · 2.95 KB

m00nwalk2

Challenge information

Points: 300
Tags: picoCTF 2019, Forensics
Author: JOON

Description:
Revisit the last transmission. We think this transmission contains a hidden message. 
There are also some clues clue 1, clue 2, clue 3.

Hints:
1. Use the clues to extract the another flag from the .wav file

Challenge link: https://play.picoctf.org/practice/challenge/28

Solution

The setup is the same as in the previous moonwalk challenge.

Decode the clues

First we decode the clue wav-files

┌──(kali㉿kali)-[/mnt/…/picoCTF/picoCTF_2019/Forensics/M00nwalk2]
└─$ sstv -d clue1.wav -o clue1_result.png
[sstv] Searching for calibration header... Found!    
[sstv] Detected SSTV mode Martin 1
[sstv] Decoding image...                              [####################################################################################################] 100%
[sstv] Drawing image data...
[sstv] ...Done!

┌──(kali㉿kali)-[/mnt/…/picoCTF/picoCTF_2019/Forensics/M00nwalk2]
└─$ sstv -d clue2.wav -o clue2_result.png
[sstv] Searching for calibration header... Found!    
[sstv] Detected SSTV mode Scottie 2
[sstv] Decoding image...                              [####################################################################################################] 100%
[sstv] Drawing image data...
[sstv] ...Done!

┌──(kali㉿kali)-[/mnt/…/picoCTF/picoCTF_2019/Forensics/M00nwalk2]
└─$ sstv -d clue3.wav -o clue3_result.png
[sstv] Searching for calibration header... Found!    
[sstv] Detected SSTV mode Martin 2
[sstv] Decoding image...                              [####################################################################################################] 100%
[sstv] Drawing image data...
[sstv] ...Done!

The resulting pictures is a bit hard to read but they contain:

  • Clue1: Password hidden_stegosaurus
  • Clue2: The quieter you are the more you can HEAR
  • Clue3: Alan Eliasen the Future Boy

Googling the last clue points to this Steganographic Decoder which uses the Steghide tool.

Get the flag

Lets run steghide with the password from clue #1

┌──(kali㉿kali)-[/mnt/…/picoCTF/picoCTF_2019/Forensics/M00nwalk2]
└─$ steghide extract -sf message.wav -p hidden_stegosaurus

wrote extracted data to "steganopayload12154.txt".

┌──(kali㉿kali)-[/mnt/…/picoCTF/picoCTF_2019/Forensics/M00nwalk2]
└─$ cat steganopayload12154.txt                                         
picoCTF{<REDACTED>}

And there we have the flag.

For additional information, please see the references below.

References