Skip to content

Instantly share code, notes, and snippets.

@AshishMahto

AshishMahto/README.md Secret

Last active February 23, 2021 04:44
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save AshishMahto/5571682d50ce4fad2b10d8c24dfc6552 to your computer and use it in GitHub Desktop.
Save AshishMahto/5571682d50ce4fad2b10d8c24dfc6552 to your computer and use it in GitHub Desktop.
Download ZIP
Tenable CTF 2021: Numerological
Raw
README.md

The PNG file given from the challenge:

shield

The Solution

The usual first step for any Steganography challenge (or possibly even all CTF challenges) is to plop it into CyberChef.

image

After exhausting all of the other steganograhy operations, we settled on looking for embedded files, and found a rather large PNG at the offset 0x7839d. (The 3 byte MP3s are uninteresting, they happen to be there because MP3s have a short file signatures / magic bytes)

One of our teammates had seen a Numberphile video (https://youtu.be/9p55Qgt7Ciw) with these symbols, and after a bit of googling with the challenge hint, arrived at https://en.wikipedia.org/wiki/The_Ciphers_of_the_Monks . This was nothing short of super lucky.

Reading off the numbers, we get 3637 3639 3734 3265 3639 3666 3266 3461 3734 3461 3631 3538.

A quick CyberChef "Magic" shows us: https://gchq.github.io/CyberChef/#recipe=Magic(3,false,false,'')&input=MzYzNyAzNjM5IDM3MzQgMzI2NSAzNjM5IDM2NjYgMzI2NiAzNDYxIDM3MzQgMzQ2MSAzNjMxIDM1Mzg
which was interesting, as the double hexdump looked similar to a link.

Finally, simply removing all of the spaces lets CyberChef parse the hexdump correctly and gets us a link to the flag: https://gchq.github.io/CyberChef/#recipe=Magic(3,false,false,'')&input=MzYzNzM2MzkzNzM0MzI2NTM2MzkzNjY2MzI2NjM0NjEzNzM0MzQ2MTM2MzEzNTM4

https://git.io/JtJaX

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment