VULNCON CTF 2020 - T1G3R writeup
Description:
My tiger hid a hash in this, go grep the hash and get the flag.
Author - 5h4rk
Solution
There are two files in the chall: a password protected zip file and a jpeg image of a tiger.
I used a lot of steganography tools on the image trying to find hidden messages. In the end, I used StegCracker to search for files hidden with steghide
.
The password to the file hidden inside the image with steghide
is tiger
, which I should have tried without brute-forcing, but ok. The hidden file is a hash.txt with the content 6e2dfb581bbe2b0f82e59781fb962ff9099e8d82f45f1496
.
By searching on Google, I found that this is a Tiger192,3 hash, and the original string is you are going good go get the flag password is "Tiger_is_cool"
, which was found with this tool.
Using Tiger_is_cool
as the zip password, we are presented with a strange text file:
pi pi pi pi pi pi pi pi pi pi pika pipi pi pipi pi pi pi pipi pi pi pi pi pi pi pi pipi pi pi pi pi pi pi pi pi pi pi pichu pichu pichu pichu ka chu pipi pipi pipi pipi pi pi pi pi pikachu pi pi pi pi pi pi pi pi pi pi pi pi pikachu pikachu ka ka ka ka pikachu pi pi pi pikachu pichu ka ka ka ka ka ka ka ka ka ka ka ka pikachu ka ka ka ka ka ka ka ka ka ka ka pikachu pikachu pipi ka ka ka pikachu ka ka ka ka ka ka ka ka ka ka ka ka ka ka ka pikachu pi pi pi pi pi pi pi pi pi pi pi pi pi pi pi pi pi pi pikachu pi pikachu ka ka ka ka ka ka ka ka ka ka ka ka ka ka ka pikachu ka ka ka pikachu pi pi pi pi pi pi pi pikachu pi pi pi pi pi pikachu pichu ka pikachu pipi ka ka ka ka ka ka ka ka ka ka ka pikachu pi pi pi pi pi pi pi pi pi pi pi pi pikachu ka ka pikachu pichu pi pikachu pipi ka ka ka ka ka ka ka ka ka ka ka ka ka ka ka ka ka ka ka ka pikachu ka pikachu pikachu pichu pi pi pi pi pi pi pi pi pi pi pi pi pi pi pi pi pi pi pi pikachu pi pi pi pi pi pi pi pi pikachu pipi pi pi pi pi pi pi pi pi pi pi pi pi pi pi pi pi pi pi pi pi pi pi pi pi pi pi pi pi pi pi pi pikachu pichu pi pi pi pi pi pi pi pikachu pipi ka ka ka ka pikachu
I just searched this entire thing on Google, and the first result is a decoder to the Pikalang Programming Language. By using it to interpret the given code, the result is the link https://pastebin.com/YXXBJwQs. The flag is in this Pastebin:
vulncon{@Tiger_are_preu_hackers!!!!}