devil's-secret-stash
Forensics/Steganography
In the depths of the Pine Barrens, a cryptic legend whispers of the Jersey Devil guarding a picture. Tales speak of forgotten knowledge sealed within, but only those sharp enough to see the truth can unlock its secrets. The key? The key hiding in plain sight, woven into the eerie folklore itself, waiting for the chosen few to discover and reveal the dark treasures within.
Author: malanka
Given a single image, I was able to find a hidden zip file using binwalk:
$ binwalk devil.jpg
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 JPEG image data, EXIF standard
12 0xC TIFF image data, big-endian, offset of first image directory: 8
15196 0x3B5C Copyright string: "Copyright (c) 1998 Hewlett-Packard Company"
250250 0x3D18A Zip archive data, encrypted compressed size: 55, uncompressed size: 27, name: flag
250447 0x3D24F End of Zip archive, footer length: 22
Extracting the zip out of the image, and then attempting to extract the zip, prompted me for a password:
$ 7z x 3D18A.zip
7-Zip 24.07 (x64) : Copyright (c) 1999-2024 Igor Pavlov : 2024-06-19
64-bit locale=en_US.UTF-8 Threads:16 OPEN_MAX:1024
Scanning the drive for archives:
1 file, 219 bytes (1 KiB)
Extracting archive: 3D18A.zip
--
Path = 3D18A.zip
Type = zip
Physical Size = 219
Enter password (will not be echoed):
Because I didn't have a password, I cracked it using zip2john and john:
Using the password 250250 I was able to extract the zip and get the flag:
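The carving step that binwalk performed on the image can be reproduced by reading the ZIP end-of-central-directory record, which also shows whether an entry is encrypted before any password is needed. The Python below is an added example, not part of the original write-up: `carve_appended_zip`, `list_entries` and `build_sample` are hypothetical names, the input is a constructed carrier rather than the challenge's devil.jpg, and Zip64 archives are assumed absent.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"  # end-of-central-directory record
LFH_SIG = b"PK\x03\x04"   # local file header


def carve_appended_zip(blob):
    """Return (start_offset, zip_bytes) for a ZIP appended to a carrier, else None."""
    eocd = blob.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(blob):
        return None
    # EOCD: signature, 4 x uint16 disk/entry counts, cd_size, cd_offset, comment_len
    *_, cd_size, cd_offset, comment_len = struct.unpack_from("<4s4H2LH", blob, eocd)
    # cd_offset is relative to the archive start, so this recovers the carrier length
    start = eocd - cd_size - cd_offset
    if start < 0 or blob[start:start + 4] != LFH_SIG:
        return None
    return start, blob[start:eocd + 22 + comment_len]


def list_entries(zip_bytes):
    """Return [(name, uncompressed_size, encrypted)] without needing a password."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        # Bit 0 of the general-purpose flags marks an encrypted entry
        return [(i.filename, i.file_size, bool(i.flag_bits & 0x1)) for i in zf.infolist()]


def build_sample():
    """Constructed input: fake JPEG bytes followed by a ZIP with one entry, 'flag'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("flag", (2024, 1, 1, 0, 0, 0)), b"constructed placeholder\n")
    z = bytearray(buf.getvalue())
    # Set the "encrypted" flag bit in the local header (+6) and central header (+8)
    # so the sample reports like the challenge archive; the data is not really encrypted.
    z[6] |= 0x01
    z[z.find(b"PK\x01\x02") + 8] |= 0x01
    carrier = b"\xff\xd8\xff\xe0" + b"\x00" * 1000 + b"\xff\xd9"
    return carrier + bytes(z), len(carrier)


if __name__ == "__main__":
    blob, carrier_len = build_sample()
    start, carved = carve_appended_zip(blob)
    print(f"ZIP starts at {start} (0x{start:X}), {len(carved)} bytes")
    for name, size, enc in list_entries(carved):
        print(f"  {name}: {size} bytes, encrypted={enc}")
```

The start offset returned here corresponds to the value binwalk prints in its DECIMAL column for the Zip archive line.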