PACTF 2018
Last updated
Last updated
Apparently there is something hidden in this image… Hint: You’re looking for text—how might you look at the text of the image?
In the Exif data of the file, the artist tag contains the text flag_is_DjKVIXXQRZZrrAd
Flag: DjKVIXXQRZZrrAd
You received this account.rar file, but it is ‘protected’ under a password. Can you break in?
Hint: Something tells me the user might not be using complex passwords…
When you try and open the rar file it is locked so I went to use John the ripper to create a hash of the file
rar2john rarfile > output.hash
then cracked the password with the default wordlist of rockyou
john --format=rar output.hash
It cracked it very quick as the password was just 123456 and inside was a file "flag.txt"
Flag: rgSueiMYehWJSZPZr
Our musician friend Martin recently bought a melody pack containing different melodies recorded in MIDI format. He hoped to use them in his electronic music tracks and then pretend that he was the person who actually wrote them. He spent a solid hundred dollars, but the website selling sample packs fooled him! Instead of 10 wonderful melodies, he only received one MIDI file. It sounded awful, and Martin quickly noticed why!
Can you notice why?
See for yourself: melody.mid
As it says in the description that it is an midi file, I found Audacity and just opened it up which showed the flag.
Flag: WRITE YOUR OWN MUSIC