feat: add french-diplomat challenge

2024-11-25 22:29:53 +01:00 · 2024-11-25 22:29:53 +01:00 · b32f121d33
commit b32f121d33
parent c1d973ea26
5 changed files with 21 additions and 0 deletions
--- a/french-diplomat/README.md
+++ b/french-diplomat/README.md
@ -0,0 +1,7 @@
+# French Diplomat
+## Text
+What is this 16th century old French diplomat hiding from us?
+## Files
+[img.jpeg](img.jpeg)
+## How to Deploy
+n/a
--- a/french-diplomat/SOLUTION.md
+++ b/french-diplomat/SOLUTION.md
@ -0,0 +1,13 @@
+## Difficulty
+??
+## Category
+Forensics
+## How To Solve
+When you look at the image of the French diplomat, you can see his name writte at the left side of the portrait: Blaise de Vigenère. Look up his name on the internet and notice that this dude has an own cipher, the Vigenère cipher. Okay, that might be a hint. But before we get to decrypt something, we first need a ciphertext and a key of course.
+
+The ciphertext is found in the metadata of the image. When you run `exiftool img.jpeg`, you find the following under `Image Description`: `YYFAU{Ua0a4q_J4na1klb_Emdu4i0}`. It looks like it has the flag format, but somehow not with the correct characters. Correct. You just found the ciphertext. Now you need to look for the key. That one is hidden somewhere else.
+
+Run `steghide extract -sf img.jpeg`. Leave the passphrase empty. A hidden zip folder will be extracted from the image, called `key.zip`.
+When you open this zip file, you are asked to enter a password. This time, simply leaving the input empty won't work. Instead, you'll have to brute force the password. For this, you can use a password cracking tool like John the Ripper. Obtain the password hash using the following command: `zip2john key.zip > hash.txt`. Now the `hash.txt` file contains the password hash. You can find the actual password using John: `john hash.txt`. When brute forcing with incremental ascii characters, you obtain the following password: `salad`. Now you can unzip the zip file. The key is located in the `.key.txt` file. Now, using [Cyberchef](https://gchq.github.io/CyberChef/#recipe=Vigen%C3%A8re_Encode('qsdHposfdiuhsSBDisj')&input=SUdDVEZ7R2kwdjRuX0I0dHQxc3RhX0JlbGw0czB9), you can use the Vigenère cipher with the `YYFAU{Ua0a4q_J4na1klb_Emdu4i0}`cipher and key `qsdHposfdiuhsSBDisj`. You've now obtained the flag.
+## Flag
+`IGCTF{Gi0v4n_B4tt1sta_Bell4s0}`
--- a/french-diplomat/img.jpeg
+++ b/french-diplomat/img.jpeg
--- a/french-diplomat/key.zip
+++ b/french-diplomat/key.zip
--- a/french-diplomat/key/.key.txt
+++ b/french-diplomat/key/.key.txt
@ -0,0 +1 @@
+qsdHposfdiuhsSBDisj