Open in app

Sign in

Write

Sign in

picoCTF information — ForensicsChallenge Challenge- Walkthrough

This challenge involves analysing an image file and uncover hidden information embedded within it.

IritT
3 min read2 days ago

Site URL: https://play.picoctf.org/practice/challenge/186?category=4&difficulty=1&page=1&search=

Description

Files can always be changed in a secret way. Can you find the flag? cat.jpg

Hints

  1. Look at the details of the file
  2. Make sure to submit the flag as picoCTF{XXXXX}

Solution

Download the File by Clicking on the link provided in the challenge and download the given file.

Open PowerShell and navigate to the Downloads folder

cd ~/Downloads

Locate the Most Recently Modified File

Get-ChildItem | Sort-Object LastWriteTime -Descending | Select-Object -First 1

Examine the File Metadata using ExifTool

a command-line tool used to read, write, and edit metadata in images, videos, and other media files.

ExifTool is often used in digital forensics to extract metadata from images, which may contain hidden information such as GPS coordinates, timestamps, or embedded messa

exiftool cat.jpg

From the ExifTool output, I see some interesting metadata fields, particularly:

  • Copyright Notice: PicoCTF
  • License: cGljb0NURnt0aGVfbTN0YWRhdGFfMXNfbW9kaWZpZWR9 (which appears to be Base64-encoded)

Decoded Base64 string using CyberChef

https://gchq.github.io/CyberChef/

Flag: picoCTF{the_m3tadata_1s_modified}

Final Thoughts

This challenge provided a valuable opportunity to apply practical cybersecurity skills in metadata analysis, Base64 decoding, and forensic investigation — key techniques used in real-world digital forensics and Capture The Flag (CTF) competitions.

By following a structured methodology, we successfully:

  • Downloaded and analyzed the given file.
  • Verified the file type and metadata using PowerShell and ExifTool.
  • Discovered an embedded Base64-encoded string in the image metadata.
  • Decoded the Base64 string to reveal the hidden flag.

This challenge highlights the significance of metadata in digital forensics. Sensitive information is often stored within metadata fields, and attackers may use it to embed malicious data or exfiltrate information covertly. Understanding how to extract and analyze metadata is crucial for cybersecurity professionals, as it plays a role in threat hunting, malware analysis, and forensic investigations.

Key Takeaway

In cybersecurity, information is often hidden in plain sight. Metadata, file properties, and encodings can contain valuable clues that lead to crucial discoveries. Whether investigating digital forensics cases, analyzing malware, or participating in CTFs, knowing how to uncover hidden data is an essential skill.

Stay curious, question everything, and always dig deeper — because in cybersecurity, the details often hold the key to the solution.

--

--

IritT
IritT

Written by IritT

93 Followers
6 Following

In the world of cybersecurity, the strongest defense is knowledge. Hack the mind, secure the future.

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams