FINCII2024 CYBER DRILL STEGANOGRAPHY DEEP SEA
Walkthrough
Question: I want to meet you at a place. It's quite busy place. A whale will guide you to the destination.
A compressed file was provided named "shipping.jpg.tar.gz" for the challenge. First, we need to decompress this. We can do this by using command tar -xzvf shipping.jpg.tar.gz in linux.
After decompressing, we get a file named "shipping.jpg". So, basically, it's an image steganography challenge. There are many types of steganography like video steganography, audio steganography, image steganography, GIF steganography, etc. To solve this steganography challenge, I tried many methods, but here I will only describe the one that worked for me to get the flag.
We can use steghide. To extract data using steghide, you'll need to use the --extract command-line option. Here's the syntax: steghide --extract -sf shipping.jpg. (-sf Specifies the filename of the file containing the hidden data).
At this point, we will need to use the correct passphrase to extract data from "shipping.jpg". But we don’t know the password, right? Actually, the password was given in the question. The question was: "I want to meet you at a place. It's quite busy place. A whale will guide you to the destination." The password is "whale." It’s tough to get the password on the first try, as the passphrase could be any word in the question, or a common password, or something related to FINCII2024. That’s why you may need to try multiple times. Once you enter the correct passphrase, the data will be extracted to a text file named "secret.txt".
After viewing the contents of "secret.txt" using the command cat secret.txt, you will find some binary and base64 data.
After decoding the binary in CyberChef, we get nothing meaningful, but decoding the base64 reveals coordinates.
After searching the coordinates in Google, we found the location name, which is "Shibuya Scramble Crossing."
Please pardon any mistakes. Have question? Connect with me on LinkedIn