OK, so as this challenge completed by a couple of members, herewith a brief explanation on how you could have looked at it ; IF YOU ARE STILL WORKING ON THIS AND DONT WANT THE SOLUTIONS, STOP READING
When looking at an image file, I usually follow a sort of sequence ;
1. Check image file with exiftool for any interesting info.
2. Check image file with hexeditor to see if there is a valid trailer or whether other interesting things are apparent.
3. If there appears to be additional info (after file trailer) in the form of other files, either manually strip the file apart (based on headers and trailers) or run a proggy like 'foremost' on the image file.
4. If there appears to be additional info (after file trailer) in the form of text or the like, see what can be done with that.
First thing you would have noted is the size; 2,4MB is too large for a small image like that.
This would appear to indicate that there are additional files / information to be had.
You can check file header and trailer of the .jpg manually and then see what the remaining file information is,
or you could check the file with for instance 'foremost'.
So, first things first, see if info can be found in image properties with exiftool ;
In the image comment we see what appears to be a weblink;
This turns out to be the imdb page for the awesome series 'Archer' (love that dude
Otherwise not much more to see.
So on to a next step, what does the hex look like.
When checking the file trailer, it doesnt look like what we would expect at the end of a jpg file at all ! (FF D9)
This could mean that the file contains more than just the jpg, lets see if we can check for, and attempt extraction of additional files (which is the expection in view of file size and file trailer);
This will create a directory called 'output' with info on what foremost was able to extract.
(note that false positives are not uncommon and you may want to tweak your /etc/foremost.conf file..)
In this case you should get a couple of directories, with an .avi file and a .rar file
The .avi file is one showing a dude (Archer) having a particularly rough morning following booze infused night out
and reciting an awesome 'poem' on the merrits of Bloody Maries.
No further clues to be found in the avi file.
Considering the 2 references to Archer, it could be its safe to say that Archer has something to do with the challenge.
The rar file is password protected.
Now to get the password of the rar file you would look at names and hints given in the challenge, following the references to Archer
it shouldnt take you too long to try the word "Archer" as password.
(rar name may vary for you)
unrar e 00000069.rar
So when you extract the rar file, you are presented with a file called 'wins', but the contents appear to be encoded.
When looking at the file you should recognize the use of base64.
(as soon as I see plaintext with '/' and/or '=' I check if base64. The '=' is used as filler so can be a giveaway for base64 encoded info)
OK, so lets see if that assumption is correct by trying to decode the base64 ;
base64 -d wins > output.file
Checking if the filetype is something reconized ;
Hey a jpg !
With that the challenge is complete
For those who had a shot at it, hope you enjoyed
FYI, I created the file by manually pasting the hex of each file under the hex of the jpg file, so the file was ;
This in order to try to make it not too obvious that the rar was there.
Of course if you go through the file headers and trailers (as you should!) you would have quickly seen the rar file.