- Name : European Cyber Week CTF Quals 2016
- Website : challenge-ecw.fr
- Type : Online
- Format : Jeopardy - Student
Donwload the mario music on the web page and let's analyse it with binwalk:
Did you see the embed PNG? Let's extract it with foremost.
Now we can check the image file.
Just by displaying it we have seen:
Now let's see where is the second part of the flag!
This challenge seems to be a steganography one. Let's check a classic: LSB.
Nothing in the picture so let's check the
I found a writeup talking about LSB in a WAV file.
Perfect it's using my favorite scripting language (Ruby) and this ruby gem.
We used the same script as in the writup:
Here is what we retrived we the script:
Display the new image and get the second part of the flag: