RED - Forensics Challenge Writeup (picoCTF)

Naresh S

Link to the challenge

Category: Forensics
Author: SHUAILIN PAN (LECONJUROR)
Flag Format: picoCTF{FLAG}

Challenge Description: RED, RED, RED, RED

Hint: Check whatever Facebook is called now.

This challenge provides a PNG image named red.png. The hint refers to Facebook (now Meta), which makes it pretty obvious that the image's metadata should be analyzed to extract the flag hidden within the image.

The image itself reveals nothing suspicious, so I started off by analyzing the metadata and checking for steganography (hiding data within other data), as the hint suggested.

I used the zsteg command, which analyzes images to detect hidden data (steg). This revealed a base64-encoded string.

zsteg red.png

I then decoded the string using basic command-line tools (echo, base64), which revealed the flag.

echo "cGljb0NURntyM2RfMXNfdGgzX3VsdDFtNHQzX2N1cjNfZjByXzU0ZG4zNTVffQ==" | base64 -d

Correct Flag
picoCTF{r3d_1s_th3_ult1m4t3_cur3_f0r54dn355}
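
What the zsteg and base64 steps above do under the hood, as an added Python example that is not part of the original writeup: it reads the least significant bit of each channel byte, packs the bits into bytes, and decodes any base64 run it finds. The pixel buffer, the payload and the bit order (row-major, RGBA, MSB first, one of the patterns zsteg scans) are constructed assumptions; the writeup does not say which pattern zsteg reported for red.png.

```python
import base64
import binascii
import re

def embed_lsb(pixels: bytes, payload: bytes) -> bytes:
    """Build sample data: write payload bits (MSB first) into each byte's LSB."""
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("payload does not fit in the pixel buffer")
    out = bytearray(pixels)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit  # changes a channel value by at most 1
    return bytes(out)

def extract_lsb(pixels: bytes) -> bytes:
    """Collect the LSB of every channel byte and pack 8 bits (MSB first) per byte."""
    out = bytearray()
    for start in range(0, len(pixels) - 7, 8):
        value = 0
        for channel in pixels[start:start + 8]:
            value = (value << 1) | (channel & 1)
        out.append(value)
    return bytes(out)

# A run of base64 alphabet characters long enough to be worth decoding.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")

def find_base64_text(stream: bytes) -> list[str]:
    """Decode each base64-looking run; keep results that are printable ASCII."""
    found = []
    for match in B64_RUN.finditer(stream):
        try:
            decoded = base64.b64decode(match.group(), validate=True)
        except binascii.Error:
            continue  # wrong length or padding: not a clean base64 string
        if decoded and all(32 <= c < 127 for c in decoded):
            found.append(decoded.decode("ascii"))
    return found

# Constructed sample: a 16x16 all-red RGBA image as raw pixel bytes,
# carrying a made-up payload (not the challenge's flag).
COVER = bytes([255, 0, 0, 255]) * (16 * 16)
SAMPLE_TEXT = "example{constructed_sample}"
STEGO = embed_lsb(COVER, base64.b64encode(SAMPLE_TEXT.encode()))

if __name__ == "__main__":
    print(find_base64_text(extract_lsb(STEGO)))
```
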

Happy Hacking!!
