PicoCTF: Information write-up
In this challenge, we will utilize a utility to extract metadata from an image file and use Base64 decoding to reveal the hidden flag.
Digital images often contain more information than what is visible to the naked eye. Metadata, which is stored within image files, can hold additional details about the file (or hidden flags!). Based on the challenge description, we can assume that the flag is concealed within the details of the provided image.
To examine the metadata of the image, we will use ‘exiftool’, a popular command-line utility that can read, write, and edit metadata across various file formats:
$ exiftool cat.jpg ... License : cGljb0NURnt0aGVfbTN0YWRhdGFfMXNfbW9kaWZpZWR9 ...
The License information appears unusual and warrants further analysis. By using a tool like https://dencode.com/, we can attempt to decode the suspicious text. Upon inspection, we discover that the License text is encoded using Base64 and contains the flag for the challenge.
To streamline the process of carving out the flag, we can create a script named ‘get-flag.sh’:
#!/bin/bash # This script will automatically retrieve the flag # for the PicoCTF 'Information' challenge. wget -q "https://mercury.picoctf.net/static/d1375e383810d8d957c04eef9e345732/cat.jpg" # Retrieve the license info, carve out the encoded string and decode it license=`exiftool -license cat.jpg` echo "${license##*: }" | base64 -d && echo # Clean up rm cat.jpg