April 23, 2017, 08:33:50 PM
Welcome, Guest. Please login or register.

Feds Seize KickassTorrents Domains, Arrest Alleged Owner -- https://goo.gl/FRHbEJ

Author Topic: THS - IMAGE CHALLENGE 3  (Read 2539 times)

Offline TAPE

  • Top Hat Member Moderator
  • Elite
  • ********
  • Posts: 1246
  • Internets: +192/-0
THS - IMAGE CHALLENGE 3
« on: November 05, 2012, 04:23:18 AM »
Download the image file and see what you can figure out ;)

http://www.mediafire.com/view/?a0fg4bouc1bktmh
Take all the advice you like and then tell everyone to **** off and do your own thing -- Gitsnik

Offline M0rPh3u5

  • Elite
  • *****
  • Posts: 523
  • Internets: +0/-0
  • Musician
Re: THS - IMAGE CHALLENGE 3
« Reply #1 on: November 05, 2012, 10:07:31 AM »
Oh boy! Here we go.  :D
One of the main causes of the fall of the Roman Empire was that, lacking zero, they had no way to indicate successful termination of their C programs.

Offline TAPE

  • Top Hat Member Moderator
  • Elite
  • ********
  • Posts: 1246
  • Internets: +192/-0
Re: THS - IMAGE CHALLENGE 3
« Reply #2 on: November 05, 2012, 01:38:39 PM »
Hint 1
--------
So before I call it a night.. for those having trouble figuring out what to do, look at my post here ;
http://top-hat-sec.com/forum/index.php?topic=1210.msg14421#msg14421

and check out what I am mentioning in the 'copy /b' area...

hints will follow on a daily basis until someone gets it :)

Common guys ! some feedback on how you are doing would be interesting :)
Take all the advice you like and then tell everyone to **** off and do your own thing -- Gitsnik

Offline TAPE

  • Top Hat Member Moderator
  • Elite
  • ********
  • Posts: 1246
  • Internets: +192/-0
Re: THS - IMAGE CHALLENGE 3
« Reply #3 on: November 07, 2012, 11:13:03 PM »
No responses ?!

OK, well hint 2 then
-------------------------
If you followed Hint 1 then you should have realised that the file can be opened using your normal
archive software such as IZarc, WinRAR or WinZip.


Within the archive you will see 2 files, 1 password protected, one able to be extracted.


The details in the exif info of the image are giving major hints on how to proceed..

Take all the advice you like and then tell everyone to **** off and do your own thing -- Gitsnik

Offline TAPE

  • Top Hat Member Moderator
  • Elite
  • ********
  • Posts: 1246
  • Internets: +192/-0
Re: THS - IMAGE CHALLENGE 3
« Reply #4 on: November 16, 2012, 05:04:41 AM »
Hint on what to do with the info.txt

Have a look at the camera make & model... should see something on that !
Take all the advice you like and then tell everyone to **** off and do your own thing -- Gitsnik

Offline Edi0t

  • Top Hat Member
  • Experienced
  • ********
  • Posts: 122
  • Internets: +12/-1
Re: THS - IMAGE CHALLENGE 3
« Reply #5 on: November 19, 2012, 09:34:28 PM »
Just found this yesterday. I'll give it a go sometime tomorrow.  =)
#!bin/bash
if [ "Edi0t" = "h4xx0r1n6 73h 61b50n" ]; then
               echo '4ll y0ur b453 4r3 b3l0n6 70 u5'
            else
               echo "d41vd h4553lh0f h4ck5 m0r3 7h3 b3773r 7h4n 3d107"
            fi

Offline mazzif

  • Experienced
  • ***
  • Posts: 159
  • Internets: +19/-1
  • Seals say "ARP ARP ARP!!!"
Re: THS - IMAGE CHALLENGE 3
« Reply #6 on: November 20, 2012, 08:31:21 PM »
WITH THE HINTS GIVEN IN THE IMAGE FILE I IMAGINE IT DIDNT TAKE TOO LONG TO FIGURE THIS OUT ;)

IN ANY CASE, WELL DONE, THE FIRST STEP IS COMPLETE !

THERE ARE OF COURSE MORE STEPS TO GET THROUGH TO COMPLETE THE CHALLENGE..



PASSWORD TO EXTRACT THE PASSWORD PROTECTED DATA FROM THE .ZIP FILE: ***********

« Last Edit: November 20, 2012, 09:01:48 PM by mazzif »


My hacker box has a Linux system.init

Offline TAPE

  • Top Hat Member Moderator
  • Elite
  • ********
  • Posts: 1246
  • Internets: +192/-0
Re: THS - IMAGE CHALLENGE 3
« Reply #7 on: November 21, 2012, 01:31:34 AM »
Well done mazzif :)

but still 1 step remains ;)
Take all the advice you like and then tell everyone to **** off and do your own thing -- Gitsnik

Offline TAPE

  • Top Hat Member Moderator
  • Elite
  • ********
  • Posts: 1246
  • Internets: +192/-0
Re: THS - IMAGE CHALLENGE 3
« Reply #8 on: November 21, 2012, 03:40:59 AM »
So as the challenge is more or less cracked;

The steps needed to complete the challenge are as follows ;

> Image data able to be opened with an archive manager (IZarc / WinRar etc)
- 2 files in zipped archive ; "info.txt" && "winning"

> File info.txt appears to be gibberish, however when looking at the comments in omgwtf.jpg with for instance exiftool
you will see information which out of the oridinary on Make & Model ;
Quote
Make: ROT13
Model: tr a-zA-Z n-za-mN-ZA-M
The ROT13 code simply shifts the letters up 13 places, and can easily be changed back to original text by using the 'tr' command
as mentioned.
There are also numerous sites online that will do it for you.
http://en.wikipedia.org/wiki/ROT13

Outcome;
Quote
With the hints given in the image file I imagine it didnt take too long to figure this out ;)

In any case, well done, the first step is complete !

There are of course more steps to get through to complete the challenge..



Password to extract the password protected data from the .zip file: TEAMTHSROCKS

> Use the above mentioned password to extract the 'winning' file.
- Again the file looks like gibberish, but it is in fact a base64 encoded file.
(well done mazzif for finding that !)
> Decode the base64 with THS-OS Apollo (or with an online translater) ;
Code: [Select]

base64 -d winning > output_file

>output_file then shows to be a .jpg image of our much loved Charlie Sheen.. WINNING ;)
-(can check the file type in hex editor and look for file headers/trailers)

> The final part of the challenge is to extract the password protected steganography within the image. (using steghide)
Code: [Select]
steghide extract -sf winning.jpg
password: winning
Quote
OK !

This was the last step..

Well done challenge complete !

For those who tried, hope you enjoyed it !
« Last Edit: November 21, 2012, 04:16:50 AM by TAPE »
Take all the advice you like and then tell everyone to **** off and do your own thing -- Gitsnik

Offline kinchan

  • Experienced
  • ***
  • Posts: 179
  • Internets: +16/-0
  • Love My Pi and my N900
Re: THS - IMAGE CHALLENGE 3
« Reply #9 on: September 01, 2013, 02:46:00 PM »
it was fun! i go to the next challenge!
"Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime."
##### Current project >> otto-gui ##### website #####