Cyber Talents : DF : Hidden Message


🕵️♂️ 1. Identification :
Challenge Description:
Cyber Criminal is hiding information in a file named h_m.jpg
. Requirements: Extract the flag and submit it in MD5 format.
Case Type: Forensic Analysis of an Image File Suspected of Steganography / Metadata Forensics.
📥 2. Acquisition
Download the digital guide (image) :
sansforensics@as: ~/DF-LAB/CyberTalents
$ wget https://hubchallenges.s3.eu-west-1.amazonaws.com/h_m.jpg
--2025-07-28 20:51:21-- https://hubchallenges.s3.eu-west-1.amazonaws.com/h_m.jpg
Resolving hubchallenges.s3.eu-west-1.amazonaws.com (hubchallenges.s3.eu-west-1.amazonaws.com)... 3.5.70.76, 3.5.72.21, 52.92.16.106, ...
Connecting to hubchallenges.s3.eu-west-1.amazonaws.com (hubchallenges.s3.eu-west-1.amazonaws.com)|3.5.70.76|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 63516 (62K) [image/jpeg]
Saving to: ‘h_m.jpg’
h_m.jpg 100%[===================>] 62.03K 128KB/s in 0.5s
2025-07-28 20:51:23 (128 KB/s) - ‘h_m.jpg’ saved [63516/63516]
Check file properties after downloading :
sansforensics@as: ~/DF-LAB/CyberTalents
$ stat h_m.jpg
File: h_m.jpg
Size: 63516 Blocks: 128 IO Block: 4096 regular file
Device: 802h/2050d Inode: 3150185 Links: 1
Access: (0664/-rw-rw-r--) Uid: ( 1000/sansforensics) Gid: ( 1000/sansforensics)
Access: 2025-07-28 20:51:23.000000000 +0000
Modify: 2024-09-22 15:28:18.000000000 +0000
Change: 2025-07-28 20:51:23.182125873 +0000
Birth: -
Determine the file type using the file tool:
sansforensics@as: ~/DF-LAB/CyberTalents
$ file h_m.jpg
h_m.jpg: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2], baseline, precision 8, 955x384, components 3
🧊 3. Preservation
The file was processed in a digital forensic environment .
The file contents were not modified at all, and analysis was performed using read-only tools such as exif.
Preservation was performed by:
Copying the file into the investigation folder: ~/DF-LAB/CyberTalents/
Not modifying its timestamps.
Not using any tool that would overwrite the file.
🔍 4. Analysis
Analysis tools used: exif
or exiftool
To analyze the image's metadata.
Execute the analysis :
Here we have found the flag , Using exiftool :
sansforensics@as: ~/DF-LAB/CyberTalents
$ exif h_m.jpg
EXIF tags in 'h_m.jpg' ('Motorola' byte order):
--------------------+----------------------------------------------------------
Tag |Value
--------------------+----------------------------------------------------------
X-Resolution |96
Y-Resolution |96
Resolution Unit |Inch
YCbCr Positioning |Centered
Exif Version |Unknown Exif Version
Components Configura|Y Cb Cr -
User Comment |b1a1f2855d2428930e0c9c4ce10500d5
FlashPixVersion |FlashPix Version 1.0
Color Space |Internal error (unknown value 65535)
--------------------+----------------------------------------------------------
To extract the flag alone :
sansforensics@as: ~/DF-LAB/CyberTalents
$ exif h_m.jpg | grep Comment
User Comment |b1a1f2855d2428930e0c9c4ce10500d5
🟢 The flag was found inside the User Comment field of the Exif Metadata.
📝 5. Reporting
Report Report Title: Investigating an Image File Containing Hidden Data - CyberTalents Challenge
Description : An image named h_m.jpg was uploaded, and by analyzing the metadata using forensic tools, a hidden key was found in the "User Comment" field .
Analysis Tool: exif
Final Result (Flag):
b1a1f2855d2428930e0c9c4ce10500d5
Flag Format: MD5 ✅
Status: ✅ Flag extracted successfully
💬 "Control the code, and you control the world."
See You Soon
AS Cyber “)).
Subscribe to my newsletter
Read articles from Abdelwahab A. Shandy 🦅 directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by

Abdelwahab A. Shandy 🦅
Abdelwahab A. Shandy 🦅
Welcome to my profile! I'm an Information Systems student with a strong passion for cybersecurity and backend development. My curiosity drives me to dive deep into the complex mechanisms of the digital world and uncover the behind-the-scenes magic of programming. I hold certifications from Google, Infosec, Cisco, Try Hack Me, and the Information Technology Institute (ITI), I'm on an exciting journey of continuous learning and skill expansion—ready to embrace the future of technology! 🌇 Let’s connect, collaborate, and explore the vast world of tech together!