 Hello everybody and welcome back to another YouTube video still looking at the Kaisen CTF now moving on to some of the forensics challenges That I want to show off to you the first one was called stegosaurus and it seemed like a lot of people struggle with this I know I did it was awesome one of my teammates actually solved it But we found this lead initially and we didn't really know where to go with it But then my teammate just like came in out of nowhere and and solved it and got the flag for us So that was awesome. I want to showcase it to you guys and show you what the solution was The challenges that the security team found an odd file and nightly system of backups what secrets could it hold? So we get this stegosaurus zip archive, which we'll go ahead and download. I'll create a folder for it stegosaurus Just go ahead and save it in there. We'll hop back over to our terminals. We're gonna start to look at it Go ahead and unzip it stegosaurus and we get this JPEG file So if I take a look at it Here it is stegosaurus So I try to go through the low-hanging fruit. I ended up using like steg solve on it sex off our jar We use foremost on it. We use scalpel. We use bin walk Some of the things that were interesting when we use exit tool to get metadata out of it We ended up using We saw this interesting thing in the artist field because hey, this is base 64 so We ended up taking that I'll just do it in the command line. Actually, I won't open up idle and When we decoded this base 64 it was clueless. This is base 64 because of the equal sign by the way That's always a telltale sign. It's it's base 64 So we decoded and we got the string Jurassic and we thought like oh is this the flag? So we went ahead and try to submit it like that Or we would we wrapped it in that like kaizen flag format, but that wasn't the flag. It didn't work for us We asked around the RC channel just kept banging our heads against the wall just couldn't get it But we knew hey, it's a 100 point challenge. It can't be that hard So we're just trying other steganography tools. We looked up. Is there like a stegosaurus thing on github? Is it like it is stegosaurus itself a steganography tool? But what my teammate ended up trying was he use steg hide which is also an awesome thing for looking at Steganography things you can check out the man page for it and you get it's in your repositories You can just download it and see to app get install if you wanted to So what he ends up doing is he ran steg hide with info the info argument on that stegosaurus jpeg file And it's a jpeg file and it's had all this and it says you want to try and get information about this We go. Yeah, of course we do so it asked for a passphrase And that was when we had that or my teammate had this epiphany in this idea. Oh, oh Jurassic must be the passphrase for it. So we ended that in in of course it has this embedded file in its secret dot text So we want to take a look at that. We want to know. Okay, that's got to be it. So we do Extract and we specify the Steganography file of stegosaurus we enter the passphrase here Jurassic and now it writes out that secret dot text file. So we can allow us to see it now We can caten out and there's our flag kaizen dino's say roar So we were banging our heads against the wall now and for a really long time I don't know why like we should have known But I honestly I've never used steg hide well before I knew it was a tool But I never particularly used it well. I didn't know how I could use it So it was my teammate that brought it to me and I'm just happy and really astonished and awesome It's awesome that he got it. So cool. I want to share it with you guys though That's how you ended up doing in solving the stegosaurus challenge problem in kaizen CTF So thanks for watching guys. Hope you enjoy this one and we'll move on to the next couple of challenges and later videos