Post

PicoCTF - "CanYouSee"

Solving "CanYouSee" by Mubarak Mikail

Posted Updated
By Adam Blighe
1 min read

See the challenge by Mubarak Mikail

Description

How about some hide and seek?

Solution

We’re given a .zip archive containing a single image, my first thought was the flag was hidden using steganography, i.e. in the image, but after trying to extract something with steghide, I found this!

Extracted data

So of course, the flag we want must be hidden somewhere in the files’ metadata. Checking the file with the identify command from ImageMagick didn’t give anything useful, but exiftool did! Notice anything weird?

EXIF data from the image

That attribution “URL” doesn’t look like a URL to me…

Decoding the flag from Base64

Yup! There’s the flag :)

CTFs, PicoCTF, Forensics
This post is licensed under CC BY 4.0 by the author.