This page looks best with JavaScript enabled

TryHackMe - c4ptur3-th3-fl4g

 •  ✍️ sckull
featured image

C4ptur3-th3-fl4g es una sala de TryHackMe que presenta una serie de retos, utilizamos CyberChef y herramientas en Linux para encontrar la solucion de cada uno de los retos.

Room

Titulo c4ptur3-th3-fl4g box_img_maker
Descripción A beginner level CTF challenge
Puntos 420
Dificultad Facil
Maker

dcdavidlee

Hashes

Algunas paginas con las cuales podemos analizar el hash y resolver los retos en linea.

Hash Identification

Hash Analyzer

CyberChef

Translation & Shifting

#1 L33t o adivinando el mensaje.

Reto:
c4n y0u c4p7u23 7h3 f149?

Solucion:
can you capture the flag?

#2 From Binary

Reto:

01101100 01100101 01110100 01110011 00100000 01110100 01110010 01111001 
00100000 01110011 01101111 01101101 01100101 00100000 01100010 01101001 
01101110 01100001 01110010 01111001 00100000 01101111 01110101 01110100 
00100001

Solucion:

https://gchq.github.io/CyberChef/#recipe=From_Binary('Space')&input=MDExMDExMDAgMDExMDAxMDEgMDExMTAxMDAgMDExMTAwMTEgMDAxMDAwMDAgMDExMTAxMDAgMDExMTAwMTAgMDExMTEwMDEgMDAxMDAwMDAgMDExMTAwMTEgMDExMDExMTEgMDExMDExMDEgMDExMDAxMDEgMDAxMDAwMDAgMDExMDAwMTAgMDExMDEwMDEgMDExMDExMTAgMDExMDAwMDEgMDExMTAwMTAgMDExMTEwMDEgMDAxMDAwMDAgMDExMDExMTEgMDExMTAxMDEgMDExMTAxMDAgMDAxMDAwMDE

#3 Base32

Reto:

MJQXGZJTGIQGS4ZAON2XAZLSEBRW63LNN5XCA2LOEBBVIRRHOM======

Solucion:

https://gchq.github.io/CyberChef/#recipe=From_Base32('A-Z2-7%3D',false)&input=TUpRWEdaSlRHSVFHUzRaQU9OMlhBWkxTRUJSVzYzTE5ONVhDQTJMT0VCQlZJUlJIT009PT09PT0

#4 Base64

Reto:

RWFjaCBCYXNlNjQgZGlnaXQgcmVwcmVzZW50cyBleGFjdGx5IDYgYml0cyBvZiBkYXRhLg==

Solucion:

https://gchq.github.io/CyberChef/#recipe=From_Base64('A-Za-z0-9%2B/%3D',true)&input=UldGamFDQkNZWE5sTmpRZ1pHbG5hWFFnY21Wd2NtVnpaVzUwY3lCbGVHRmpkR3g1SURZZ1ltbDBjeUJ2WmlCa1lYUmhMZz09

#5 Hex

Reto:

68 65 78 61 64 65 63 69 6d 61 6c 20 6f 72 20 62 61 73 65 31 36 3f

Solucion:

https://gchq.github.io/CyberChef/#recipe=From_Hex('Space')&input=NjggNjUgNzggNjEgNjQgNjUgNjMgNjkgNmQgNjEgNmMgMjAgNmYgNzIgMjAgNjIgNjEgNzMgNjUgMzEgMzYgM2Y

#6 Caesar Cipher

Reto:

Ebgngr zr 13 cynprf!

image

Decoder - Caesar Cipher

#7 Rot47

Reto:

*@F DA:? >6 C:89E C@F?5 323J C:89E C@F?5 Wcf E:>6DX

Solucion:

https://gchq.github.io/CyberChef/#recipe=ROT47(47)&input=KkBGIERBOj8gPjYgQzo4OUUgQ0BGPzUgMzIzSiBDOjg5RSBDQEY/NSBXY2YgRTo%2BNkRY

#8 Morse Code

Reto:

- . .-.. . -.-. --- -- -- ..- -. .. -.-. .- - .. --- -.

. -. -.-. --- -.. .. -. --.

Solucion:

https://gchq.github.io/CyberChef/#recipe=From_Morse_Code('Space','Line%20feed')&input=LSAuIC4tLi4gLiAtLi0uIC0tLSAtLSAtLSAuLi0gLS4gLi4gLS4tLiAuLSAtIC4uIC0tLSAtLgoKLiAtLiAtLi0uIC0tLSAtLi4gLi4gLS4gLS0u

#9 Decimal

Reto:

85 110 112 97 99 107 32 116 104 105 115 32 66 67 68

Solucion:

https://gchq.github.io/CyberChef/#recipe=From_Decimal('Space',false)&input=ODUgMTEwIDExMiA5NyA5OSAxMDcgMzIgMTE2IDEwNCAxMDUgMTE1IDMyIDY2IDY3IDY4

#10 Base64 > Morse Code > Binary > Rot47 > Decimal

Reto:

LS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLi0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLS0tLS0gLi0tLS0gLi0tLS0gLi0tLS0gLi0tLS0gLi0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLi0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLi0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLS0tLS0gLi0tLS0gLi0tLS0gLi0tLS0gLi0tLS0gLi0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLS0tLS0gLi0tLS0gLi0tLS0gLi0tLS0gLi0tLS0gLi0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLS0tLS0gLi0tLS0gLi0tLS0gLi0tLS0gLi0tLS0gLi0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLi0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLi0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLS0tLS0gLi0tLS0gLi0tLS0gLi0tLS0gLi0tLS0gLi0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLi0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLS0tLS0gLi0tLS0gLi0tLS0gLi0tLS0gLi0tLS0gLi0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLi0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLi0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLi0tLS0gLi0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLS0tLS0gLi0tLS0gLi0tLS0gLi0tLS0gLi0tLS0gLi0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLi0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLi0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLi0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLi0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLS0tLS0gLi0tLS0gLi0tLS0gLi0tLS0gLi0tLS0gLi0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLS0tLS0gLi0tLS0gLi0tLS0gLi0tLS0gLi0tLS0gLi0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLS0tLS0gLi0tLS0gLi0tLS0gLi0tLS0gLi0tLS0gLi0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLS0tLS0gLi0tLS0gLi0tLS0gLi0tLS0gLi0tLS0gLi0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLi0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLi0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLi0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLi0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLi0tLS0KLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLS0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLi0tLS0KLS0tLS0gLi0tLS0gLi0tLS0gLS0tLS0gLS0tLS0gLi0tLS0gLS0tLS0gLi0tLS0=

Solucion:

https://gchq.github.io/CyberChef/#recipe=From_Base64('A-Za-z0-9%2B/%3D',true)From_Morse_Code('Space','Line%20feed')From_Binary('Space')ROT47(47)From_Decimal('Space',false)&input=TFMwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMUzB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTGkwdExTMEtMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBLTFMwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwS0xTMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTGkwdExTMEtMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBLTFMwdExTMGdMUzB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMEtMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBLTFMwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMaTB0TFMwS0xTMHRMUzBnTFMwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMEtMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMaTB0TFMwZ0xTMHRMUzBLTFMwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwS0xTMHRMUzBnTFMwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMEtMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBLTFMwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMEtMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBLTFMwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMUzB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMEtMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBLTFMwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwS0xTMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTGkwdExTMEtMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBLTFMwdExTMGdMUzB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMEtMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBLTFMwdExTMGdMUzB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMEtMUzB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xpMHRMUzBLTFMwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMUzB0TFMwS0xTMHRMUzBnTFMwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMEtMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBLTFMwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMaTB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMEtMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBLTFMwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMUzB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMEtMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBLTFMwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMEtMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xpMHRMUzBLTFMwdExTMGdMUzB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMEtMUzB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xpMHRMUzBLTFMwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwS0xTMHRMUzBnTFMwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMEtMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBLTFMwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMaTB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMEtMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBLTFMwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMEtMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBLTFMwdExTMGdMUzB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xpMHRMUzBnTFMwdExTMEtMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xpMHRMUzBLTFMwdExTMGdMUzB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMEtMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBLTFMwdExTMGdMUzB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xpMHRMUzBnTFMwdExTMEtMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xpMHRMUzBLTFMwdExTMGdMUzB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMEtMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xpMHRMUzBLTFMwdExTMGdMUzB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMEtMUzB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xpMHRMUzBLTFMwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwS0xTMHRMUzBnTFMwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMEtMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBLTFMwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTGkwdExTMEtMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBLTFMwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMUzB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMEtMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBLTFMwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMEtMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xpMHRMUzBLTFMwdExTMGdMUzB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMEtMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBLTFMwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwS0xTMHRMUzBnTFMwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMEtMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBLTFMwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMaTB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMEtMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBLTFMwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMEtMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBLTFMwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwS0xTMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTGkwdExTMEtMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBLTFMwdExTMGdMUzB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMEtMUzB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xpMHRMUzBLTFMwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwS0xTMHRMUzBnTFMwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMEtMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBLTFMwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMaTB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMEtMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBLTFMwdExTMGdMaTB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMEtMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMaTB0TFMwZ0xpMHRMUzBLTFMwdExTMGdMUzB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMEtMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xpMHRMUzBLTFMwdExTMGdMUzB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMEtMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xpMHRMUzBLTFMwdExTMGdMUzB0TFMwZ0xpMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwS0xTMHRMUzBnTGkwdExTMGdMaTB0TFMwZ0xTMHRMUzBnTFMwdExTMGdMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMEtMUzB0TFMwZ0xpMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xTMHRMUzBnTGkwdExTMGdMUzB0TFMwZ0xpMHRMUzA9

HASHES

#1 MD2

Reto:

39d4a2ba07e44421c9bedd54dc4e1182

Solucion:

https://md5hashing.net/hash/md2/39d4a2ba07e44421c9bedd54dc4e1182

#2 MD4

Reto:

e0418e7c6c2f630c71b2acabbcf8a2fb

Solucion:

https://md5hashing.net/hash/md4/e0418e7c6c2f630c71b2acabbcf8a2fb

#3 MD5

Reto:

efbd448a935421a54dda43da43a701e1

Solucion:

https://md5hashing.net/hash/md5/efbd448a935421a54dda43da43a701e1

#4 NTLM

Reto:

11FE61CE0639AC2A1E815D62D7DEEC53

Solucion:

Microsoft has encryption?

#5 SHA512

Reto:

a361f05487b879f25cc4d7d7fae3c7442e7849ed15c94010b389faafaf8763f0dd022e52364027283d55dcb10974b09e7937f901584c092da65a14d1aa8dc4d8

Solucion:

https://md5hashing.net/hash/sha512/a361f05487b879f25cc4d7d7fae3c7442e7849ed15c94010b389faafaf8763f0dd022e52364027283d55dcb10974b09e7937f901584c092da65a14d1aa8dc4d8

#6 SHA256

Reto:

d48a2f790f7294a4ecbac10b99a1a4271cdc67fff7246a314297f2bca2aaa71f

Solucion:

https://md5hashing.net/hash/sha256/d48a2f790f7294a4ecbac10b99a1a4271cdc67fff7246a314297f2bca2aaa71f

#7 SHA1

Reto:

a34e50c78f67d3ec5d0479cde1406c6f82ff6cd0

Solucion:

https://md5hashing.net/hash/sha1/a34e50c78f67d3ec5d0479cde1406c6f82ff6cd0

SPECTROGRAMS

En este reto nos proporcionan un archivo wav, utilizamos Sonic Vizualiser y agregando una capa de Spectrograma logramos ver la flag.

image

STEGANOGRAPHY

Utilizamos steghide para extraer los archivos contenidos dentro de la imagen.

1
2
3
4
5
6
7
8

➜  capture_the_flag steghide extract stegosteg.jpg 
steghide: unknown argument "stegosteg.jpg".
steghide: type "steghide --help" for help.
➜  capture_the_flag steghide extract -sf stegosteg.jpg
Enter passphrase: 
wrote extracted data to "steganopayload2248.txt".
➜  capture_the_flag cat steganopayload2248.txt 
Spa[... snip ...]teg%

SECURITY THROUGH OBSCURITY

En este reto nos proporcionan una imagen en la que se aplica nuevamente esteganografia.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21

➜  capture_the_flag binwalk meme.jpg 

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             JPEG image data, JFIF standard 1.01
30            0x1E            TIFF image data, big-endian, offset of first image directory: 8
74407         0x122A7         RAR archive data, version 5.x
74478         0x122EE         PNG image, 147 x 37, 8-bit/color RGBA, non-interlaced
74629         0x12385         Zlib compressed data, default compression

➜  capture_the_flag binwalk meme.jpg -e

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             JPEG image data, JFIF standard 1.01
30            0x1E            TIFF image data, big-endian, offset of first image directory: 8
WARNING: Extractor.execute failed to run external extractor 'unrar e '%e'': [Errno 2] No such file or directory: 'unrar': 'unrar', 'unrar e '%e'' might not be installed correctly
WARNING: Extractor.execute failed to run external extractor 'unrar -x '%e'': [Errno 2] No such file or directory: 'unrar': 'unrar', 'unrar -x '%e'' might not be installed correctly
74407         0x122A7         RAR archive data, version 5.x
74478         0x122EE         PNG image, 147 x 37, 8-bit/color RGBA, non-interlaced
74629         0x12385         Zlib compressed data, default compression

Extraemos el archivo rar.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

➜  _meme.jpg.extracted unrar e 122A7.rar

UNRAR 5.50 freeware      Copyright (c) 1993-2017 Alexander Roshal


Extracting from 122A7.rar

Extracting  hackerchat.png                                            OK 
All OK
➜  _meme.jpg.extracted ls
122A7.rar  12385  12385.zlib  hackerchat.png

Utilizamos Strings para ver nuestra flag en la nueva imagen.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

➜  _meme.jpg.extracted strings hackerchat.png| tail
'[SQP
S~j@6h
vA}=
*s&__
@9Xs
{@84
2$Es
i2Mc
IEND
"AHH_[... snip ...]_ME!" 
➜  _meme.jpg.extracted
Share on
Dany Sucuc
WRITTEN BY
sckull
RedTeamer & Pentester wannabe

Read other posts

THM: c4ptur3-th3-fl4g