NahamCon2021 CTF - Pollex - Writeup

Introduction

Today we're doing a CTF writeup for the Pollex challenge from the NahamCon2021 CTF. Pollex is a steganography challenge and after we started the challenge we downloaded the associated file we checked what kind of file it was: 


file pollex


This looks like a regular jpg file. Let's check its exif info with Exiftool:



The output from the Exiftool tells us that there's an embedded thumbnail in the file, also the thumbnail is embedded as binary data. We can extract embedded binary thumbnail data from images using Exiftool by supplying the following command:

exiftool -b -a -preview:all -W /home/kali/walks/ctf/nahamcon2021/%f_%t%-c.%s pollex


The file that was created is named pollex_ThumbnailImage.jpg.  Let's view it now:

xdg-open pollex_ThumbnailImage.jpg


Summary

After downloading the file, we used Exiftool to analyze it, discovering that there was a thumbnail embedded in the image. Using Exiftool, we extracted the thumbnail and viewed it, revealed our objective flag string.

Finish










Comments

  1. Ahrar MalikFebruary 2, 2022 at 4:30 AM


    I like your all post. You have done really good work. Thank you for the information you provide, it helped me a lot. wahabtech.net I hope to have many more entries or so from you.
    Very interesting blog.
    ExifTool Crack

    ReplyDelete

Post a Comment

Popular posts from this blog

TryHackMe - Windows PrivEsc - Walkthrough

Image
Introduction Today we're going to be doing a walkthrough for the Windows PrivEsc room hosted at https://tryhackme.com/room/w indows10privesc . For this walkthrough, we'll be using two virtual machines (VMs), a Kali Linux VM as our attacking machine, and the deployed Windows 10 client as the the victim machine. Task 1 - Deploy the Vulnerable Windows VM Press the green button here: The Windows machine should come online after a minute or two. The IP address of the machine can be found here: Of course, the actual IP address will probably be a different one from the one in the screenshot.  For the examples, however, we will use the IP address of 10.10.227.113 RDP should be available on port 3389 (it may take a few minutes for the service to start). You can login to the "user" account using the password "password321": xfreerdp /u:user /p:password321 /cert:ignore /v:10.10.227.113 Questions: Deploy the Windows VM and login using the "user" ...
Read more

TryHackMe - Reversing Elf - Walkthrough

Image
Introduction Today we're going to be doing a walkthrough for the Reversing ELF room hosted at https://tryhackme.com/room/ reverselfiles . For this walkthrough, we'll be using one virtual machine (VMs), a Kali Linux VM as our attacking machine. Task 1 - Crackme1 Questions What is the flag? Download the Task 1 Task File Copy it to your working directory Give the file executable permissions Run the file chmod +x crackme1 ./crackme1 Task 2 - Crackme2 Questions What is the super secret password ? Give the file executable permissions Run Ltrace on the file with a test string chmod +x crackme2 ltrace ./crackme2 test ./crackme2 passwordFoundInPreviousStep Task 3 - Crackme3 Questions What is the flag? Give the file executable permissions Run strings on the file Echo the base64 string you found, pipe it into Base64 decode chmod +x crackme3 strings crackme3 echo “ base64stringFoundInPreviousStep ” | base64 -d Task 4 - Crackme4 Questions What is the password ? Give the file execu...
Read more

TryHackMe - Web Enumeration - Walkthrough

Image
Introduction Today we're going to be doing a walkthrough for the Web Enumeration room hosted at https://tryhackme.com/room/ webenumerationv2 . For this walkthrough, we'll be using two virtual machines (VMs), the TryHackMe AttackBox VM as our attacking machine, and the deployed vulnerable Web clients as the the victim machines. Task 1 - Introduction Questions: Let's get started No answer needed Task 2 - Manual Enumeration Questions I gotcha! No answer needed Task 3 - 1. introduction to Gobuster Questions No questions No answer needed Task 4 - 1.1 Gobuster Modes Questions I get the hang of it! No answer needed Task 5 - 1.2 Useful Wordlists Questions No questions No answer needed Task 6 - 1.3 Practical: Gobuster (Deploy #1) Questions Run a directory scan on the host. Other than the standard css, images and js directories, what other directories are available? echo “10.10.164.99 webenum.thm” >> /etc/hosts gobuster dir -t 16 -u http://webenum.thm -w /usr/sha...
Read more