Holiday Challenges🎅

🎄Challenge 1:

❄️Flag 1:

• Decode the filename from base64 to get the flag

• How? Use:

  • > echo ZmxhZyAjMTogaGV4YWRlY2ltYWxfdHJlZQ== | base64 -d

  • https://gchq.github.io/CyberChef/#recipe=From_Base64('A-Za-z0-9%2B/%3D',true)&input=Wm14aFp5QWpNVG9nYUdWNFlXUmxZMmx0WVd4ZmRISmxaUT09

• Flag: hexidecimal_tree (hmm… looks like a hint!)

❄️Flag 2:

• Run the strings command to get the flag (and hints)

• How?

  • > strings [filename]

    • Flag #2: 20 57 33 5f 77 49 73 68 5f 55 2e 2e 2e

    • Well done! Hint: flag #3 hides within the colors. https://imagecolorpicker.com/en/

    • https://gchq.github.io/CyberChef/#recipe=From_Hex('Auto')

• Wow! Another hint?

• https://gchq.github.io/CyberChef/#recipe=From_Hex('Auto')&input=MjAgNTcgMzMgNWYgNzcgNDkgNzMgNjggNWYgNTUgMmUgMmUgMmU

• Flag: W3_wIsh_U...

❄️Flag 3:

• This flag is written in faint color. You can use the bucket fill tool

• How?

  • Open Gimp on your VM

• Click on the bucket tool shown above or use “ctrl-b” → Click on areas in the background to reveal the flag!

  • Flag: can_you_see_me?

❄️Flag 4:

• Using the color picker website and hex decoder we got from running the strings command, pick the hexadecimal of the 5 colors and decode from hex

• First, upload your image. Then use the color picker to find the codes: #6d3372, #52795f, #436872, #317374, #6d4073

• https://gchq.github.io/CyberChef/#recipe=From_Hex('Auto')&input=NmQzMzcyIDUyNzk1ZiA0MzY4NzIgMzE3Mzc0IDZkNDA3Mw

• Flag: m3rRy_Chr1stm@s

☃️Challenge 2:

❄️Flag 1:

We know it’s a photograph (the name of the file tells us!), so change .mp3 in the filename to .jpg to get the first flag.

• Want to know how to tell what filetype it is without a filename?

  • > file [filename

• Mp3 imposter!

❄️Flag 2:

• Run the strings command to get a hint.

  • > strings [filename]

    • steghide password is flag #1

• We now know that steghide passcode is flag #1 (which we found is xmas).

  • > steghide extract -sf [filename]

  • Remember, your password won’t show up when you type it!

Using this we could extract a QR code, decode the QR code and we get a binary string, decode the binary string and we get the flag

• (Scan with your phone or use this command:)

  • > zbarimg QR.png

    • QR-Code:Flag: 01010001 01010010 01011111 01000011 00110000 01100100 01000101 01011111 01001101 01000000 01010011 01110100 00110011 01110010

    • scanned 1 barcode symbols from 1 images in 0.02 seconds

  • https://gchq.github.io/CyberChef/#recipe=From_Binary('Space')&input=MDEwMTAwMDEgMDEwMTAwMTAgMDEwMTExMTEgMDEwMDAwMTEgMDAxMTAwMDAgMDExMDAxMDAgMDEwMDAxMDEgMDEwMTExMTEgMDEwMDExMDEgMDEwMDAwMDAgMDEwMTAwMTEgMDExMTAxMDAg MDAxMTAwMTEgMDExMTAwMTA

• Flag: QR_C0dE_M@St3r