April 30, 2017, 12:11:36 AM
Welcome, Guest. Please login or register.

"640 K ought to be enough for anybody." -- Bill Gates

Author Topic: THS - IMAGE CHALLENGE 1  (Read 8598 times)

Offline R4v3N

  • Administrator
  • Super Elite
  • *****
  • Posts: 3691
  • Internets: +160/-1
  • The googles and the metasploits...
    • Top-Hat-Sec
Re: THS - IMAGE CHALLENGE 1
« Reply #15 on: September 14, 2012, 03:13:29 PM »
Well this is why they are challenges....After last night I realized that the challenge may have been a little difficult. I created the 2nd challenge which should be a lot easier. I have a feeling that I may have set the damn bar too high...lol. I know that this does not help anyone but, from the time I download the pictures, to the time I solve the mystery... it would take me about a minute maybe total to solve it.

I created the 2nd challenge, to me its not any more difficult but I think it should be easier.

I have a feeling that I will need to maybe teach a class on this? Anybody interested?

Offline R4v3N

  • Administrator
  • Super Elite
  • *****
  • Posts: 3691
  • Internets: +160/-1
  • The googles and the metasploits...
    • Top-Hat-Sec
Re: THS - IMAGE CHALLENGE 1
« Reply #16 on: September 14, 2012, 03:14:43 PM »
in windows..... go to command prompt, and navigate to the location of the file.... then type in

dir/r   

thats all the hints im giving out.

Offline Red

  • *CWSP Certified*
  • Elite
  • *******
  • Posts: 811
  • Internets: +4/-0
  • "AKA SGT"
Re: THS - IMAGE CHALLENGE 1
« Reply #17 on: September 14, 2012, 03:20:11 PM »
So what exactly are we looking for? Does it have something to do with the metadata? I'm stumped

Offline corr.x86

  • Top Hat Member
  • Elite
  • ********
  • Posts: 1111
  • Internets: +10/-0
  • ^That's a lie
Re: THS - IMAGE CHALLENGE 1
« Reply #18 on: September 14, 2012, 04:28:36 PM »
if there will be a class for 'this'... what exactly is 'this'???
"I have this assignment bla bla bla, can you give me teh codez?"

"www.adoptamalware.com would be a nice website to run."

Offline n1tr0g3n

  • Super Elite
  • ******
  • Posts: 4734
  • Internets: +63/-2
  • MCSA, MCP, MCTS, DCSE, CE/H, ACSP, N+,A+, CWSP
    • n1tr0g3n Information Security Blog
Re: THS - IMAGE CHALLENGE 1
« Reply #19 on: September 14, 2012, 04:36:01 PM »
Ughhhhhhhhhhhhhhhh!!! Those images drove me crazy! I have the answer but I can't tell you guys lol   ;D  Just kidding!
"It's mind over matter, If you don't have a mind then it doesn't matter

Youtube  Channnel
http://www.youtube.com/user/n1tr0g3n0x1d3
Twitter  https://twitter.com/n1tr0g3n_com
http://www.n1tr0g3n.com  
http://teamctfu.weebly.com/

Offline 3therk1ll

  • *CWSP Certified*
  • Elite
  • *******
  • Posts: 579
  • Internets: +12/-1
  • Try, fail, learn, repeat
Re: THS - IMAGE CHALLENGE 1
« Reply #20 on: September 14, 2012, 11:53:34 PM »
Yeah what is the class on lol? Steganography?
Every time [some software engineer] says, �Nobody will go to the trouble of doing that,� there�s some kid in Finland who will go to the trouble.

� Alex Mayfield

Offline R4v3N

  • Administrator
  • Super Elite
  • *****
  • Posts: 3691
  • Internets: +160/-1
  • The googles and the metasploits...
    • Top-Hat-Sec
Re: THS - IMAGE CHALLENGE 1
« Reply #21 on: September 15, 2012, 12:09:35 AM »
Yeah what is the class on lol? Steganography?

Yes along with ADS

Offline XvX

  • Enthusiast
  • **
  • Posts: 53
  • Internets: +1/-0
Re: THS - IMAGE CHALLENGE 1
« Reply #22 on: September 21, 2012, 12:05:05 PM »
Found this interesting after an ELA on both images.

http://imgur.com/Qi1yy

The 2nd ELA (pictured far right in the image; the .png) has some interesting pixelation that the .jpg doesn't at the top left corner. Not sure if that has to do with the format or compression though.

Offline mrwhte

  • Prospect
  • *
  • Posts: 15
  • Internets: +0/-0
Re: THS - IMAGE CHALLENGE 1
« Reply #23 on: November 24, 2012, 08:04:55 AM »
I have put both images in stegdetect.  They are both passwd protected.  What is funny, how before attempting to mess with this challenge I had know idea what exiftool, stegdetect, stegbreak, jtr where.  Still don't to a certain extent. Commands for various software are confusing for me, but I can feel myself starting to understand the proper way to attack the problem/challenge.  Forensics is very interesting to me.  Has everyone given up on this one?  I love the challenges the site offers.

Offline NightDefender

  • Experienced
  • ***
  • Posts: 113
  • Internets: +0/-0
Re: THS - IMAGE CHALLENGE 1
« Reply #24 on: November 24, 2012, 11:16:19 PM »
Haha.. I think it's pretty funny watching this post :) Not to say that I have found it as I have not begun the task, it is on my TO DO list (bloody long list now).
I think the idea here is to treat it as real world. What if someone sent you some data in an emergency from a hot zone or corrupt office somewhere?? You can't ask what data when they hang up on you or feel they can't speak over the phone, you just find it :) Extreme I know but still I think this is the general idea. Cool idea though, I will get to this challenge one day.
The only limits we have are the ones we put on ourselves | No limits

Offline NightDefender

  • Experienced
  • ***
  • Posts: 113
  • Internets: +0/-0
Re: THS - IMAGE CHALLENGE 1
« Reply #25 on: November 25, 2012, 01:31:00 AM »
I just checked out what ADS is as before seeing the acronym in this post, I had never heard of it before. ADS could be pretty devastating to a company if some malware was pushed out over WDS and a quick logon script created to execute on every profile. Has anyone ever experienced this before performing the tidy up work after a rogue employee was let loose?
The only limits we have are the ones we put on ourselves | No limits

Offline TAPE

  • Top Hat Member Moderator
  • Elite
  • ********
  • Posts: 1247
  • Internets: +192/-0
Re: THS - IMAGE CHALLENGE 1
« Reply #26 on: November 25, 2012, 01:49:52 AM »
ADS is more risky in a WinXP environment, as from Win7 in any case it is not so
easy to have files executed from ADS.

Also, from my trials, ADS is not transferable, so if you copy a file with ADS to a flashdrive
you will lose the ADS.
Take all the advice you like and then tell everyone to **** off and do your own thing -- Gitsnik

Offline NightDefender

  • Experienced
  • ***
  • Posts: 113
  • Internets: +0/-0
Re: THS - IMAGE CHALLENGE 1
« Reply #27 on: December 06, 2012, 03:58:39 AM »
Ah ok cool thanks.
The only limits we have are the ones we put on ourselves | No limits

Offline zhanx

  • Prospect
  • *
  • Posts: 2
  • Internets: +0/-0
Re: THS - IMAGE CHALLENGE 1
« Reply #28 on: May 27, 2013, 03:52:02 AM »
upper left corner of the png has something in it compared to jpg.

Offline R4v3N

  • Administrator
  • Super Elite
  • *****
  • Posts: 3691
  • Internets: +160/-1
  • The googles and the metasploits...
    • Top-Hat-Sec
Re: THS - IMAGE CHALLENGE 1
« Reply #29 on: July 09, 2013, 04:40:44 PM »
Good efforts people...haha. I will have to open up the THSOS and see what it was again...I forgot!