67 lines
1.2 KiB
Org Mode
67 lines
1.2 KiB
Org Mode
* EXIF - Thumbnail
|
|
|
|
Task
|
|
|
|
Find the password hidden in this JPG image.
|
|
|
|
[[./ch10.jpg]]
|
|
|
|
#+begin_src sh
|
|
exiftool ch10.jpg -b > thumbnail.bin
|
|
#+end_src
|
|
|
|
** Full process
|
|
|
|
1) Checked metadata in the original image:
|
|
|
|
#+begin_src sh
|
|
exiftool ch10.jpg
|
|
#+end_src
|
|
|
|
Key findings:
|
|
- `Thumbnail Offset: 202`
|
|
- `Thumbnail Length: 41506`
|
|
|
|
2) Extracted the correct thumbnail from EXIF:
|
|
|
|
#+begin_src sh
|
|
exiftool -b -ThumbnailImage ch10.jpg > thumb_extracted.jpg
|
|
file thumb_extracted.jpg
|
|
exiftool thumb_extracted.jpg
|
|
#+end_src
|
|
|
|
Result:
|
|
- `thumb_extracted.jpg` is a valid JPEG (600x339)
|
|
- it also contains another EXIF thumbnail (`Thumbnail Length: 15957`)
|
|
|
|
3) Extracted one level deeper:
|
|
|
|
#+begin_src sh
|
|
exiftool -b -ThumbnailImage thumb_extracted.jpg > thumb2.jpg
|
|
file thumb2.jpg
|
|
exiftool thumb2.jpg
|
|
#+end_src
|
|
|
|
Result:
|
|
- `thumb2.jpg` is a JPEG (300x300)
|
|
- JPEG comment: `We need to go deeper`
|
|
|
|
4) Extra checks (stego tools unavailable in this environment):
|
|
|
|
#+begin_src sh
|
|
steghide info thumb2.jpg
|
|
binwalk thumb2.jpg
|
|
#+end_src
|
|
|
|
Both commands were not installed in this environment.
|
|
|
|
5) Opened/read the image content of `thumb2.jpg` directly.
|
|
|
|
The text visible in the image:
|
|
|
|
`The flag is: B33r!sG00d!`
|
|
|
|
** Flag
|
|
|
|
`B33r!sG00d!`
|