Skip to content

Latest commit

 

History

History
109 lines (77 loc) · 3.92 KB

no_comment.md

File metadata and controls

109 lines (77 loc) · 3.92 KB
name event category description layout
No Comment (2024)
Intigriti 1337UP LIVE CTF 2024
OSINT
Writeup for No Comment (OSINT) - 1337UP LIVE CTF (2024) 💜
title description tableOfContents outline pagination
visible
true
visible
true
visible
true
visible
true
visible
true

No Comment

Video walkthrough

VIDEO

Challenge Description

Or is there? 🤔

Solution

Players download this cool image 😎

Could check for embedded files or stego, or perhaps do a reverse image lookup on Google or TinEye.

In fact, the title and description is a hint! If we check the image metadata (EXIF), we'll see a comment.

{% code overflow="wrap" %}

exiftool ripple.jpg
ExifTool Version Number         : 12.57
File Name                       : ripple.jpg
Directory                       : .
File Size                       : 6.5 MB
File Modification Date/Time     : 2024:09:21 15:51:46+01:00
File Access Date/Time           : 2024:11:10 11:24:06+00:00
File Inode Change Date/Time     : 2024:11:12 11:10:15+00:00
File Permissions                : -rwxrw-rw-
File Type                       : JPEG
File Type Extension             : jpg
MIME Type                       : image/jpeg
Comment                         : /a/pq6TgwS
Image Width                     : 4032
Image Height                    : 3024
Encoding Process                : Baseline DCT, Huffman coding
Bits Per Sample                 : 8
Color Components                : 3
Y Cb Cr Sub Sampling            : YCbCr4:2:0 (2 2)
Image Size                      : 4032x3024
Megapixels                      : 12.2

{% endcode %}

Recognise the comment format? It's from Imgur, where URLs are formatted like imgur.com/a/{alphanumeric} (albums) and imgur.com/g/{alphanumeric} (galleries).

Let's visit the imgur link and see the same image, along with a comment.

{% code overflow="wrap" %}

V2hhdCBhICJsb25nX3N0cmFuZ2VfdHJpcCIgaXQncyBiZWVuIQoKaHR0cHM6Ly9wYXN0ZWJpbi5jb20vRmRjTFRxWWc=

{% endcode %}

We base64 decode it..

{% code overflow="wrap" %}

What a "long_strange_trip" it's been!

https://pastebin.com/FdcLTqYg

{% endcode %}

Visit the pastebin link and find a password protected note. Enter long_strange_trip to uncover a hex string.

Converting from hex doesn't work, so we check the users public pastes and find this one..

{% code overflow="wrap" %}

I've been learning all about cryptography recently, it's cool you can just XOR data with a password and nobody can recover it!!

I think I've learnt enough about that now, hopefully I'll learn something new in next weeks topic: https://specopssoft.com/blog/password-reuse-hidden-danger

{% endcode %}

Quite a hint, but at the last minute I worried this part was too guessy. We XOR the data with the same password and get the flag 🙂

Flag: INTIGRITI{instagram.com/reel/C7xYShjMcV0}

Fun fact: the insta reel is from a concert I saw in the Las Vegas sphere and I will never stop talking about it 😂