This write up is a bit old and contains the solution for both CTF 2013 Backdoor which is a forensic challenge. The first one says and I quote: “ h4x0r is fed up with all your attacks on his castle and has decided to retaliate by attacking us back. He sent us a mail with this image as a warning. I hope you can figure out his warning message: MD5 of the message is the answer.”

We got an image that contains a hidden text so this is obviously a steganalysis challenge. We’re required to find the hidden text embedded inside this image. Now we will use a tool that will show us if the image has some sort of bits hidden in it. The tool is “Stegsolve” which is a java tool you can download it and run it in both windows and Linux. Now if we run the tool and after skipping many views we got a gray bits image which is conspicuously the targeted one that has the text.

 

Now we saved the image from the drop-down file tab at the top navigation of the tool and by using any hex editor like “HexView” or Notepad++ with “Hex” enabled we would get this binary combination

011011010110111101100100011001010111001001101110011101110110000101110010011001100110000101110010011001010000000000000000000000000000

Now with a Perl command, we were able to convert this binary to a text which is the hidden text then we used md5sum tool to md5 hash this text to get the intended flag

If we move on to the next Challenge which is also a forensic one. The challenge says and I quote

“H4x0r has now learned that simple text authentications are not the in thing today. Also since voice authentication is all the rage nowadays thanx to siri, he decided to get one for his castle. But he messed it big time and now has an audio file which he himself can’t seem to decipher. So now he needs your help to get into his own castle. You can find the file here. Find the hidden passphrase, the flag is the MD5 of the passphrase. HINT: It is a audio wave. Sometimes you might have to see things instead of hearing them “

We downloaded the file and opened it with a wave editor and got the figure below

 

 

Now every waveform which starts at x-axis and goes down first then up second will be considered a “0” wave in the binary representation and any waves starts at x-axis and goes up then down will be considered “1” in the binary representation

 

We ended up with this binary

011000100110000101101011011001000110111101110010

Then we used the same perl command to get the text representation then used md5sum to get the md5 hash which is the flag



that’s it

About the Author

Cybersecurity Trainer MS in Cybersecurity Expertise in Healthcare and Finance Industries Penetration tester and compliance auditor

View Articles