Category: Forensics Points: 200 Solves: 196 Description:
by polym
This writeup is based on these writeups: 1 2 and 3.
We are given four PNG pictures named 1.png to 4.png and one JPG named steghide.jpg.
The PNGs each show an airport from around the world, the JPG shows us the logo of a steganography tool named steghide.
The author used the steghide tool with a password that has to be found.
The password consists of the abbreviation of each airport seen in the PNGs.
To find each airport, we can use image reverse search tools like tineye, image raider or Google images.
The airports are:
- HAV - José Martí International Airport
- HKG - Hong Kong International Airport
- LAX - Los Angeles International Airport
- YYZ - Toronto Pearson International Airport
Concating all abbreviations together, we get the passphrase HAVHKGLAXYYZ, which we can use to extract data hidden with steghide:
The flag is flag{iH4t3A1rp0rt5}.
- http://fadec0d3.blogspot.com/2015/09/csaw-2015-forensics-keep-calm-ctf-flash.html
- https://github.com/Alpackers/CTF-Writeups/tree/master/2015/CSAW-CTF/Forensics/airport
- http://toh.necst.it/csaw2015/forensics/Airport/
- http://blog.bitsforeveryone.com/2015/09/writeup-csaw-2015-forensics-airports.html
- http://blog.isis.poly.edu/2015/09/21/csaw-ctf-airport.html
- https://www.youtube.com/watch?v=rmtJHX-f920