CTF Mugardos 2015 Writeup – Stego200

February 13, 2017 | Views: 3925

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Statement: AM 200 points

Now seriously, when it comes to listening to music, nothing is better than the radio … well, maybe that’s not completely true.

Maybe we are too nostalgic.

Format the answer:
– Uppercase and lowercase as they appear in the flag
– No spaces

Solution:

In this challenge, they gave us an Ogg file, nothing strange to the naked eye. Let’s start opening it with Audacity:

estego1

We can see that the first two tracks are the original song but there is a third track, let’s extract it and open it with Sonic Visualiser. This app has helped me a lot in the past with the typical text hidden in audio thanks to its layers:

stego3

As I’m used to I added the spectrogram layer just in case there was some text, and because I like it more. In this case, we didn’t find any text but we were able to locate some audio in a specific part.

After thinking about several ways and doing several tests with software oriented to weather fax that we already saw in other challenges I decided to try my luck with SSTV. For that, we will play the audio with paplay while we set QSSTVE to listen. Notice that you need to redirect the audio output to the input so QSSTV can receive it, in my case using PulseAudio I did this using pavucontrol, in the input sections and the monitor mode interfaces.

Here we can see that QSSTV has recognized the signal as SSTV in Scottie 1 mode and begins to show the result:

stego4

When the audio finishes playing we get the following image:

stego5

Calculate the SHA256 of the string “IWannaKnowPulpoKey” and we get the flag we need.

Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 

Cybrary|0P3N

Is Linux Worth Learning in 2020?
Views: 335 / December 14, 2019
How do I Get MTA Certified?
Views: 927 / December 12, 2019
How much does your PAM software really cost?
Views: 1380 / December 10, 2019
How Do I Get into Android Development?
Views: 1758 / December 8, 2019

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel