What's going on everybody? My name is John Hammond. We're taking a look at picoCTF again. This challenge is called What Lies Within for 150 points in the Forensics category. It says there's something hidden in the building. Can you retrieve the flag? So we can take a look at this. Go ahead and wget it. I will, I'm going to get started by making a directory for us. We'll say What Lies Within and then we can hop on over there, grab this file and keep working. So, we look like we are working with a regular PNG file. If we actually view that, it has just a picture of a building. So that's nice. You could do your regular file reconnaissance, run strings on that if you need to, exiftool, etc, etc. You could do kind of any steganography techniques if you'd like. And that is actually the direction that we will end up going in.

You can track this flag down by using zsteg, which will try and do some least significant bit steganography in any PNG file that you give it. It will only work with PNG files. So being given one, at least we can use that as a sort to try. So if you don't have zsteg, it is a gem package. So you can gem install zsteg. You might need to sudo that. And again, obviously to get gem, you need Ruby, it is a Ruby tool. So we would just end up running zsteg. And I like to use tack A to have it try everything on that. It will fly out a lot of stuff. So I'm going to hit Ctrl C very, very quickly. And you can see picoCTF hiding in the bits is in there. And that is our flag that we're looking for. If you wanted to, we could simply grep for that flag. If you wanted to not deal with all of that stuff that zsteg was giving you, that way you'll get that flag quickly and easily.

What you can do, in this case, if you wanted to run Katana, Katana will solve this. It will actually track down, again, just running zsteg and trying that methodology to track down the flag for us. We can simply return it back out. So I will source that GitHub Katana.
We want environment bin activate. Cool, okay. So now I could simply run Katana with the flag format of picoCTF, we can use tack auto and we should be able to even just give it the link again. Let me try that, see if it downloads it and works with it just fine. Give it a go, initializing complete, starting thread, take a little bit of time. Okay, maybe that download one is trying to accept it as a web page. So let's just give it the actual file itself. I'll throw that to buildings. And because I have that results directory already existing because I ran this previously, I need to remove the results and there it is. That'll crank out the flag for us nice and easily. Great, if you don't end up using a URL or you're actually working with the file, it's normally a better practice to just give it the actual file, but you should maybe potentially be able to just give it the URL and let it play with it. So maybe it doesn't spin off into any web units. Let's go ahead and create that as a flag for us, nano flag.txt.

Good enough, we can finish this here and let's get started on that other challenge because I think that should be pretty easy as well. This one's called Extensions for 150 points. Again, in the Forensics category, it says this is a really weird text file and gives us a link, can you find the flag? So let's go ahead and create a directory for extensions. I'll wget this, fail on my paste there. There we go. So I have this flag.txt, which we could just cat out, but it does not happen to be plain text. There's a lot of nonsense and noise there. So if you wanna verify what that actually is, run file on it, it turns out it's just a PNG image. So we can, I've known that flag.txt and that's it. Just picoCTF, now you know about the extensions. It just gives you the flag. All you needed to do was verify that that was not in fact a text file.
Maybe you could run file on it, check out that magic header, identify when you saw IEND at the very bottom of our cat output, et cetera. Simple and easy.

Because this is in a regular readable font for computers, Tesseract could track this down. So if I were to run Tesseract on flag.txt, it would give it like outputs. There we go. Now I have this output.txt file and then read that just fine. Now I have the raw data. With that said, that means that Katana would be able to solve this because it will go ahead and use Tesseract to work with it. Let's use Katana, picoCTF as our flag format as we have done all the time before. And let's use tack A and we should be able to just give it that download link. Famous last words, right? I did that last time and it didn't work for us. So let's try it. Download this, initialization complete, downloading, starting threads, still not working for me. Maybe there's something going on and some source code that I will have to check out. flag.txt, again, because I've already ran this, my results directory exists. So let's just remove that at the end there and we have our flag. Now you know about extensions. So quick and easy. That's the manual method, how you could do this, how you could do that by hand and Katana will crank through it if you'd like to use that utility. It's worth a try sometimes, just so you don't forget those low hanging fruits in a CTF challenge. Let's mark this as our flag. Let's copy that flag to, actually let's move that to prompt.txt, I guess. And then let's give a real flag.txt. We can finish that and paste it in for our points.

Alrighty. Thank you guys for watching. I hope you enjoyed this. If you did, please do like, comment, and subscribe. Join the Discord server. There is a link in the description. Lots of cool people there, much smarter than me. All about CTFs, all about Capture the Flags, cyber security, InfoSec, good, good stuff. So hope to see you there.
Hope to see you on Patreon, hope to see you on PayPal. Thanks for watching.