 Hello internet, this is another video on the B-Sides Connecticut cap for the flag competition. In this case, I want to be looking at some of the steganography challenges in this category Stagger Done. Plopcat, sorry for 112 points will be the first one that we take a look at. Let's see if the challenge prompt will load. Classic internet connection. Okay, cool. So as he wants to get it out, help him. Answer is inside the curly braces key equals this thing. This challenge brought to you by this individual. Let him know if you enjoyed it. They had a cool feature to just offer a link to tweet to the like challenge author or the developer of that problem. And then you could just say, Oh, I like this challenge, etc. They're kind of neat. So cool to just be able to see these people on Twitter and see them in the same room, you know, at the same time. So all right, let's just jump in. I have this already downloaded. I think I was about to say dump in stag. Plopcat is the one that we're working on. I've got this all set up here. So let's see what we're working with. This is Plopcat. All right. So obviously it is just a thing here, we can go ahead and strings it right just a regular JPEG image. I'm going to run this through less. So I can see everything that I'm just going to hit page down a little bit to keep looking through this stuff because I do want to be thorough. And there we go. I find this giant binary string here. So okay, let's see what we can do with this. Let's go ahead and convert it into something else. I'm going to run Python. And then let's just say int with that paste it in base two. So oh, it's got to actually be a string. Go ahead and paste that with quotes. Okay, cool. And then let's go ahead and take the hex of that. And let's carve it up. So slice from two. So we remove the zero x the start and the L the variance of negative one. And then we can go ahead and decode that from hex. And we get the key just like that. So okay, let's go ahead and actually, can I carve that? May as well just slice that too. Let's go 123455 in to negative one, right? Okay, sweet. And there is our flag. Let's go ahead and make a simple get flag script with that, right? May as well automate it just because we can. And that way we can save it. I hit the caps lock key. Just print that out. Yes. Mark as executable. Run it. And I think I had a typo must have hit an extra key in there at the very end. Just a random tab key. What? Oh my goodness, I made it a bash script. You guys should have told me wasting so much time in this video. All right. Sweet. That can be our flag and we would submit that for some points. Let's mark plop cat as complete. We've wasted like three minutes already. Let's jump into the note. This is a another challenge that had a couple solves, download this image and it has I have the dog just as a thing, you could do whatever reconnaissance that you wanted on it strings again, foremost, been walks, tech hide, etc. If it's a steganography challenge, what I want to do is go ahead and run steg solve on it. And if you don't have a steg solve, you can just go ahead and find online. Simple Google search should take you to a GitHub repository where you can download it. And it's a Java jar file. So let's run it from the current directory. So steg solve.jar hit open up a file and we've got ours already loaded in there. And you can just arrow through a couple different filters and forms here. We will see in red plane zero and some of the others, we have the key visible. So let's go ahead and just jot it down. I want to say nano flag dot text. I think I had a colon in there somehow. Let's go ahead and say x t three eight u q h v x two x you not a good way to for us to automate that. We can write a note like okay, hey, solution dot text, go ahead and just run steg solve on it. But that is that good to know that tool obviously in it comes in handy when it's necessary all cat 237 points. So the cat sees it will you we can download this. Let's just go ahead and get to that directory all cat. Looking at a JPEG image. Let's go ahead and take a look. It's a cat. Sweet. Run strings on this, right? The usual reconnaissance that we do looks like it has interesting data in it. Oh, a lot of blank stuff. Interesting. Don't see a whole lot in there. We can run XF tool on it. And okay, we see some interesting stuff here. This actually has a lot of data. Windows photo editor, color space this interesting that it has XP comment. I've never I don't normally see that and if it's got a comment that it's something interesting that looks like hex, right? So let's go ahead and check out what that is. Also has some binary data we can go ahead and decode. But it looks like that might just be a thumbnail image. Let's let's check it out. Let's just say this decode hex. Oh, okay, there's the key, right? Cool. Let's go ahead and slice that up five to negative one. And that will simply be our key or flag we can submit. Create a simple get flag script. Actually use the correction bang line when you're working in the Python language. Follow my lead. Don't make my mistakes. Those are counterintuitive things. I can't say both of those. Perfect. Let's move all cat to complete. Cool techniques, right? Next one is test pattern testing testing confirm message received, etc. Let's go ahead and check what what that is. Stag puzzle JPEG. It is another PNG image. Alright, interesting. Let's try and move that then to a PNG file. Can I use the eog that now? I've known, right? Yep, looks like it has interesting colors in here. We could again, if we wanted to just run stag solve. Whoop. A lot of results here. I should honestly just make like, put this in a directory that I know how to easily get to it. But open up the current thing. Let's open up the PNG file. Not a lot here. peculiar, right? But we've got other tools we can run this, right? Let's run z stag. Since it is a PNG file, we know that we can on PNG. Oh, let's actually it that's interesting. It says key key key key equals nine. Huh? Let's z stag tack a for everything. Wow, interesting stuff. Key equals text nine. GVJ. Looks like we can see it looks like it's trying to grow portions of it. Key. This is peculiar. GVJ six. Fp six. I'm trying to piece this together in my mind because let's go ahead and split this horizontally flag dot text. We see turn this down key nine. Sorry, I probably just sound like an idiot. Nine GVJ. I put a zero nine five p y f. Hmm. I think we actually had better luck when we didn't hadn't we didn't have it test all looks like key all this stuff repeats. Because we had nine GVJ and then six u a was another part that repeated over and over again. P y five is the next part that comes from it. And f y till day may just be a blind part. And that looks right that was the key. So if we wanted to we could go ahead and submit that go ahead and paste it in. But it should tell me okay, we've already solved this that was that challenge that is the flag. It's just coordinating and piecing together this parts that I don't know why they repeat an interesting way, but it is trying to hide some text in that. So now that we've got that flag written down, let's go ahead and mark that as complete. I'll close that window. Zoom in a little bit here. And that was that challenge. Alright, what do we have next? Should be bear cat. Let's just chime into that one. Bear cat. We have this image. The challenge from here is just if you want to get this flag out to figure out multiple ways to skin or shave a cat. Okay, you G bear cat. Nice, I dig it. Let's go ahead and do our low hanging fruit. Right strings on here. pipe that into actual less interesting stuff. Again, more kind of blank space. Nothing particularly sticks out. We could throw attack and argument on the strings if you wanted to just to get things longer than a certain length. Let's check out exit tool. exit tool gives us some interesting information. It even has an XP comment. Okay, again, just as we've seen before looks looks like base 64. Let's go ahead and decode that. pipe it to base 64 tack D. It says not a chance. Alright, let's just save that something dot text maybe that's a secret key or something we can use with steg hide, right? Steg hide extract tech SF on our file here. Maybe password can be not a chance. Nope, nothing. Okay, let's go for bin walk bin walk tacky on this. Oh, looks like it has some kind of archive in here. It didn't extract it though. Weird. Let's try and run foremost on it output. Looks like it just gets the image again. Okay, so I learned a new trick while I was doing this because during the competition bin walk did not extract when I use tack E on it. I think it was I might have to Google this it was deck DD man been walk D DD type CMD extract type signatures given the final extension of extra and execute CMD. I don't know what CMD is. Let's just use trying to remember what I read on stack overflow, you know, DD equals I think was star. It just said colon or period. I'm gonna do it. I'm sorry for having to have to bear with me guys. colon. Yeah. So bin walk extract everything don't do any command on it. But out of stag puzzle three dot jpeg, right? The file that we want to extract stuff from go ahead and carve stuff out. Didn't work. Alright, let's go ahead and Google bin walk extract didn't work. I don't remember what it was. Been walking not extracting files from binary. This is the link that I clicked on DD dot slash. Okay, so just a dot star. Weird. Solution is don't read the man page is just ask the internet. I cool it extracted everything. Let's go ahead and see what we got here. If I run file on all these it looks like the 65 dco is the sevens of archive. Let's try and move that to something dot seven Z. And let's run seven z on it to extract it something and this is where we need the password. Let's try not a chance with capital n capital C. Looks like it extracted not a secret transmission P cap. So during the competition, I had no idea that that comment was there from the exit data from the metadata. I never caught that whatsoever. And I was just trying to hammer the seven Z with with passwords from like rock you dot text, I use john the ripper to get like a seven z to john format and then I tried to crack it. Nothing worked. So eventually we caught our eyes on that. So very cool. Let's see what we've got here. We've got now just a regular P cap, right? Yep, we can go ahead and wire shark it if we wanted to. I say that because if we wanted to I like to go the easy route. Just simply get me back to my prompt please. It'll happen eventually wire shark will let go. All right, fine. I guess we'll just jump to a new shell. Of course, just as I say that. So let's run strings on that not a secret thing. Let's greptack I for key. And it looks like we've got key equals and password equals this stuff. Let's go ahead and decode this right URL decode. I'm just going to go for a lazy online one URL decode, paste this in. And we get this. So that is our flag. Cool. And I have one more that I can showcase from this challenge. It takes a little bit extra work. So I may save it to the next video. This video is getting long. And I have yet to solve this alt correct text iconography. It says email dot text. And it looks like it has very, very interesting stuff in here. But there's no like white space in it. There weren't any tabs or random spaces. I don't exactly know what I'm looking at just yet for this one. But I can cover this ogres are like onions that we solve after the competition. I learned something new with that. So hope you guys enjoyed this video. Hope you guys had some interesting cool insight with some of these and just I don't know maybe some things you learned if you haven't seen some of the stuff before or just knowing the tactics and knowing what to look for. So thanks for watching. Hey, before I go, I do want to give a quick shout out to the people that support me on Patreon. Thank you guys so much. I cannot say it enough. $1 a month on Patreon will give you a special shout out just like this at the end of every video and just that feel good feeling for helping another guy, another dude just trying to make his way in the world, you know, try to put food on the table, trying to learn how to talk $5 a month or more will give you early access to everything that are released on YouTube before it goes live because I like to record stuff in bulk, try and have it ready and prepared for like a gradual release schedule. If you want the content right when it's ready, right when it's hot, I'll put in the Google Drive shared folder and hopefully be able to access it whenever you would like. So thanks again for watching. Please do like join our Discord server link in the description. It's a cool community full of CTF players, programmers and hackers like comment and subscribe all that great stuff. I love you. I'll see you later.