RingZer0-122 - Steganography - Brainsick
Brainsick
Another image. This time we get a gif image.
The size of the image is awfully big for the size of it.
exiftool 5411333e505440020a1799da6071851b.gif
ExifTool Version Number : 10.40
File Name : 5411333e505440020a1799da6071851b.gif
Directory : .
File Size : 153 kB
File Modification Date/Time : 2017:10:27 14:26:14-04:00
File Access Date/Time : 2017:10:27 14:26:36-04:00
File Inode Change Date/Time : 2017:10:27 14:26:20-04:00
File Permissions : rw-rw-r--
File Type : GIF
File Type Extension : gif
MIME Type : image/gif
GIF Version : 89a
Image Width : 440
Image Height : 385
Has Color Map : Yes
Color Resolution Depth : 8
Bits Per Pixel : 8
Background Color : 0
Image Size : 440x385
Megapixels : 0.169
We’ll use binwalk to verify if there’s something else beside the image in that gif.
binwalk 5411333e505440020a1799da6071851b.gif
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 GIF image data, version "89a", 440 x 385
78301 0x131DD RAR archive data, first volume type: MAIN_HEAD
Binwalk found a rar archive. Let’s extract everything.
binwalk -e 5411333e505440020a1799da6071851b.gif
If we enter the new directory created by binwalk and look at the image called flag.gif, we’ll see the flag.
The flag is FLAG-Th2K4s83uQh9xA