picoCTF Scan Surprise — Forensics Challenge Walkthrough
This challenge involves extracting hidden data from a QR code provided in an image.
Site URL: https://play.picoctf.org/practice?category=4&difficulty=1&page=1&search=
Description
I’ve gotten bored of handing out flags as text. Wouldn’t it be cool if they were an image instead? You can download the challenge files here:
The files are accessible via SSH here: ssh -p 54043 ctf-player@atlas.picoctf.net
Using the password `1db87a14`. Accept the fingerprint with `yes`, and `ls` once connected to begin. Remember, in a shell, passwords are hidden!
Hints
- QR codes are a way of encoding data. While they’re most known for storing URLs, they can store other things too.
- Mobile phones have included native QR code scanners in their cameras since version 8 (Oreo) and iOS 11.
- If you don’t have access to a phone, you can also use zbar-tools to convert an image to text.
Solution
Open PowerShell and connect to the remote computer (server) using SSH.
- If you see a message asking to confirm the connection, type `yes` and press Enter.
- This step allows us to access the server where the challenge files are stored.
ssh -p 54043 ctf-player@rhea.picoctf.net
yes
When asked for a password, enter:
1db87a14
Verifying the Image File
ls -lah
It looks like the QR code image we need to scan is flag.png, but it’s owned by root, so we need to check whether our user has permission to read it.
Checking File Permissions (detailed file information in Human-readable sizes)
ls -lah flag.png
Since flag.png is owned by root, we cannot modify or move it directly. However, we can still read it because it has read permissions (`-rw-r--r--`) for all users.
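Why a root-owned file is still readable here, as an added example that is not part of the original walkthrough: the kernel picks exactly one permission class for the caller (owner, then group, then other) and checks only that class's read bit. The function name `can_read`, the group names and the sample mode strings are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page). Given the mode string printed by
# `ls -l`, decide whether a user may read the file.
# Usage: can_read MODE OWNER GROUP USER "SPACE-SEPARATED USER GROUPS"
can_read() {
    mode=$1; owner=$2; group=$3; user=$4; user_groups=$5

    # root (uid 0) is not restricted by the read bits.
    if [ "$user" = "root" ]; then
        return 0
    fi

    # Exactly one class applies: owner first, then group, then other.
    # Character positions in e.g. "-rw-r--r--": 2 = owner r, 5 = group r, 8 = other r.
    if [ "$user" = "$owner" ]; then
        pos=2
    else
        pos=8
        for g in $user_groups; do
            if [ "$g" = "$group" ]; then
                pos=5
            fi
        done
    fi

    bit=$(printf '%s' "$mode" | cut -c"$pos")
    [ "$bit" = "r" ]
}

# Constructed samples: the first mirrors flag.png (owner root, mode -rw-r--r--);
# the group "root" and ctf-player's group list are assumptions.
for sample in "-rw-r--r-- root root ctf-player" \
              "-rw------- root root ctf-player" \
              "----r--r-- ctf-player ctf-player ctf-player"; do
    set -- $sample
    if can_read "$1" "$2" "$3" "$4" "ctf-player"; then
        echo "$1 owner=$2 user=$4: readable"
    else
        echo "$1 owner=$2 user=$4: not readable"
    fi
done
```

The third sample shows that the classes do not fall through: an owner whose own read bit is cleared is denied even though group and other may read.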
Decode the QR Code with zbarimg (a powerful CLI tool for scanning QR codes from images)
zbarimg flag.png
flag: picoCTF{p33k_@_b00_19eccd10}
Final Thoughts
This challenge was an excellent exercise in file analysis, command-line usage, and QR code decoding — all fundamental skills in cybersecurity and CTF competitions.
By following a structured approach, we successfully:
- Connected to the remote server via SSH.
- Listed available files and examined their permissions.
- Verified file accessibility despite permission restrictions.
- Used zbarimg to extract hidden data from the QR code.
- Retrieved and submitted the correct flag.
This challenge reinforces the importance of reading file metadata, leveraging built-in Linux tools, and applying alternative methods when faced with access restrictions. It also highlights how encoded data (such as QR codes) can store critical information, a common tactic in real-world cybersecurity scenarios.
Key takeaway
In cybersecurity, valuable data is often hidden in plain sight — whether in metadata, encoded images, or subtle file attributes. Always think like an analyst: analyze, verify, and extract information using the right tools.
Keep hacking, stay curious, and always question what’s in front of you — because in cybersecurity, assumptions are the biggest vulnerabilities.