Image for post
Image for post

RITSEC Fall 2018 CTF — Week 7

23[M/0TW%.T9?3)8?AR%.T?%N/UGH]
RS{mOPtwENtY_SIX_arENt_EnOugh}
a1 a0 88 c0 8b 90 c2 86 80 c2 85 c0 ac c3 81 ac 80 c3 9e c0 87 9b c2 9d 94 8e
1010000110100000100010001100000010001011100100001100001010000110100000001100001010000101110000001010110011000011100000011010110010000000110000111001111011000000100001111001101111000010100111011001010010001110
((text) xor (key)) xor (text) = (key)
0101001001010011011110110011001101111000011000110011000101110101011100110011000101110110001100110101111100110000011100100101111101110011001100000110110100110011011101000110100000110001011011100110011101111101
MDEwMDAxMDAgMDExMDExMTEgMDExMTAxMTEgMDExMDExMTAgMDExMDExMDAgMDExMDExMTEgMDExMDAwMDEgMDExMDAxMDAgMDAxMDAwMDAgMDExMTAxMDAgMDExMDEwMDAgMDExMDAxMDEgMDAxMDAwMDAgMDExMDEwMDEgMDExMDExMDEgMDExMDAwMDEgMDExMDAxMTEgMDExMDAxMDEgMDAxMDAwMDAgMDExMDAwMDEgMDExMDExMTAgMDExMDAxMDAgMDAxMDAwMDAgMDExMDAxMTAgMDExMDEwMDEgMDExMDExMTAgMDExMDAxMDAgMDAxMDAwMDAgMDExMTAxMDAgMDExMDEwMDAgMDExMDAxMDEgMDAxMDAwMDAgMDExMDAxMTAgMDExMDExMDAgMDExMDAwMDEgMDExMDAxMTEgMDAxMDAwMDEgMDAxMDAwMDAgMDExMTAwMTEgMDExMDAxMDEgMDExMDAwMTEgMDExMTAwMTAgMDExMDAxMDEgMDExMTAxMDAgMDExMDEwMDAgMDExMDEwMDEgMDExMDAxMDAgMDExMDAxMDAgMDExMDAxMDEgMDExMDExMTAgMDExMDAxMDAgMDExMDExMTEgMDExMDExMDEgMDExMDAwMDEgMDExMDEwMDEgMDExMDExMTAgMDAxMDExMTAgMDExMTAwMTAgMDExMDEwMDEgMDExMTAxMDAgMDExMTAwMTEgMDExMDAxMDEgMDExMDAwMTEgMDAxMDExMTAgMDExMDAwMTEgMDExMDExMDAgMDExMTAxMDEgMDExMDAwMTAK
Image for post
Image for post
Image for post
Image for post
Results of checking hash type with md5hashing.net
01000100 01101111 01110111 01101110 01101100 01101111 01100001 01100100 00100000 01110100 01101000 01100101 00100000 01101001 01101101 01100001 01100111 01100101 00100000 01100001 01101110 01100100 00100000 01100110 01101001 01101110 01100100 00100000 01110100 01101000 01100101 00100000 01100110 01101100 01100001 01100111 00100001 00100000 01110011 01100101 01100011 01110010 01100101 01110100 01101000 01101001 01100100 01100100 01100101 01101110 01100100 01101111 01101101 01100001 01101001 01101110 00101110 01110010 01101001 01110100 01110011 01100101 01100011 00101110 01100011 01101100 01110101 01100010
Download the image and find the flag! secrethiddendomain.ritsec.club
Image for post
Image for post
File obtained from secrethiddendomain.ritsec.club
Image for post
Image for post
Partial text of hex dump for doge.jpg
Image for post
Image for post
Results of the “steghide info doge.jpg” command
Image for post
Image for post
Results of the “steghide extract -sf doge.jpg” command
Image for post
Image for post
Results of the “cat not_super_duper_secret.txt” command
.-.---......---.....-.---.....---...-.---...-..---.....---...-.---...--.---.....--.----....--.---....----...----...----....---....-.---...-.---......---.....--.----.....---......---.....--.----...-.----....---...-.-----.....--.----.....-.---...------....-.---.....--.----...-.-.---....-.---...-.-----....--.---...----...---
.-. ---... ... ---...
.-. ... ..-. .. -. -.. .. -. --. ..--.- .--. .- - - . .-. -. ... ..--.- .. ... ..--.- -.- . -.-- ..--.- ..-. --- .-. ..--.- -.-. .-. -.-- .--. - ---

Written by

DFIR, CTFs, disinformation, STEM education, and pretty much anything else that comes to mind. RIT Computing Security ’22. wyatttauber.com

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store