1.8 KiB
Difficulty
??
Category
Forensics
How To Solve
When you look at the image of the French diplomat, you can see his name writte at the left side of the portrait: Blaise de Vigenère. Look up his name on the internet and notice that this dude has an own cipher, the Vigenère cipher. Okay, that might be a hint. But before we get to decrypt something, we first need a ciphertext and a key of course.
The ciphertext is found in the metadata of the image. When you run exiftool img.jpeg, you find the following under Image Description: YYFAU{Ua0a4q_J4na1klb_Emdu4i0}. It looks like it has the flag format, but somehow not with the correct characters. Correct. You just found the ciphertext. Now you need to look for the key. That one is hidden somewhere else.
Run steghide extract -sf img.jpeg. Leave the passphrase empty. A hidden zip folder will be extracted from the image, called key.zip.
When you open this zip file, you are asked to enter a password. This time, simply leaving the input empty won't work. Instead, you'll have to brute force the password. For this, you can use a password cracking tool like John the Ripper. Obtain the password hash using the following command: zip2john key.zip > hash.txt. Now the hash.txt file contains the password hash. You can find the actual password using John: john hash.txt. When brute forcing with incremental ascii characters, you obtain the following password: salad. Now you can unzip the zip file. The key is located in the .key.txt file. Now, using Cyberchef, you can use the Vigenère cipher with the YYFAU{Ua0a4q_J4na1klb_Emdu4i0}cipher and key qsdHposfdiuhsSBDisj. You've now obtained the flag.
Flag
IGCTF{Gi0v4n_B4tt1sta_Bell4s0}