WGCS | VishwaCTF-2023 Resources

Learn some CTF tips and tricks! Presented by the WGCS Club at KLSGIT

---

Project Created by KLSGIT-WGCS Maintained By — Darshan

Steganography

• Challenge Name : Guatemala
• Difficulty : Easy

Challenge Description

My friend wanted to install an antivirus for his computer, but the creator of the antivirus was caught!

Assets/files : AV.gif

Methodology

A .gif file was provided with the challenge. A seemingly normal gif that totally did not have anything hidden in it (or did it 👀):

We first ran Exiftool on the gif. Exiftool is an open-source tool that can be used for reading and writing metadata(some extra data about the image size,version etc) to a variety of files. An extract of the metadata given by Exiftool :

Bits Per Pixel : 8

Background Color : 0

Animation Iterations : Infinite

Comment : dmlzaHdhQ1RGe3ByMDczYzdfdXJfM1gxRn0=

Frame Count : 17

Duration : 2.04 s

Image Size : 498x498

Megapixels : 0.248

Note the boldened comment attribute, it seems a bit fishy. The value of the comment seems to be a base64 encoded string. We then used an online base64 decoder (there’s plenty) and voila, we have our flag !!

vishwaCTF{pr073c7_ur_3X1F}

You can also use “base64” a cmd-line tool built into linux. That will go something like this:

base64 -d file-path

Create a file and paste the encoded string in the file. Then execute the above command with that file-path and that will get you the same result.

Tip: base64 encoded strings will usually end with the ‘=’ sign (Why? Research about it!). That’s how you can figure out that it is encoded in base64 !!