# Image Editing - CTFLearn (Crypto/Hard) ###### tags: `ctf` `forensic` **Description** I sent a couple of images to my friend, Leslie S. Brown, to edit. The only problem is that she only sent back 1 image! Can you help me figure out what happened to the other image? Also, for whatever reason, the image has a red tinge to it. Image: https://mega.nz/#!nGg2DIxA!zL1BLCoPpRB6KPTBrDqHWXyphBn-SRl1qs_kpcyIS4k ## Step 1: Analysis **Hello, i am back for cool WU and it cost my noron too much but it so easy :smiling_face_with_smiling_eyes_and_hand_covering_mouth: if i caution for each of step i do on that :sweat_smile:** - So what i do, read a description firstly and yeah onething i have to doubt which is refer on last of sentence on description **-red tingle-** :thinking_face: but ignore at that time we need download image and look it has relate between image and description that i what target author want :i_love_you_hand_sign: - Download and the image like this:  cute dog huh :elephant: - And one again the description don't relate anything with description but it on float of file so we need to go next step to check deeping on that image ## Step 2: Exploit - So i have somekind tool u need to know about solve that: - [**file**](https://www.geeksforgeeks.org/file-command-in-linux-with-examples/) : it not a tool but ever linux or windows contain that using this for check the file properties - [**zsteg**](https://github.com/zed-0xff/zsteg): tool for analysis the image base on byte, algorithm (LSB/MSB), Color(R/G/B), Postion (xy) and any kind text or file on that **using that to know more information :smiley:** - [**stegsolve**](https://github.com/zardus/ctf-tools/blob/master/stegsolve/install): tool for exploit image - [**binwalk**](https://github.com/ReFirmLabs/binwalk): tool for exploit image - [**exiftool**](https://exiftool.org/): meta data analysis - So that all arsenal we need to prepare and check image with that tool, let first with file and it just return `final.png: PNG image data, 1546 x 1213, 8-bit/color RGB, non-interlaced` and you know that have some helpful info from image like it png img and resolution blah ... - So reach binwalk, i usually check that image with that tool after file, because **it analysis image on the byte and let me know if the image contain anything kind like compressdata or textfile, another images** but after i use this it just return some kind zlib  - so with that infomation if it useful u can using `binwalk -e <FILE>` command to extract/uncompress data from image so binwalk can do with another file not just image so try first :smiley: - So after i extract the data from img i receive zlib file have name 29.zlib  and yup it just all try open that with another hexeditor on linux like hexeditor or windows u can try HxD an it not useful on that :sweat_smile:, so i try to extract zlib because if i lucky i can exploit somekind on that - [**Method to extract the zlib**](https://unix.stackexchange.com/questions/22834/how-to-uncompress-zlib-data-in-unix#comment67353_22837) so i try this command `zlib-flate -uncompress < IN_FILE > OUT_FILE` so if u want to do this command, u need download qpdf package => bum it not useful :smile: the output of file zlib is not have somekind strange to exploit - *Forensic is way to reach target but not going wrong way* :sweat_smile:, u need turn back right now and read the description again **-red tingle-**. And calmdown reach to exiftool, stegsolve and zsteg to continuing exploit - So using exiftool with image and return not useful  - Reach zsteg try that (it have some kind refer description **-red tingle-** ) so run zsteg u need ruby module find method on internet and try that  the first time i just ignore info is importance on zsteg is ***file png 161x29 file with method b1,r,lsb,xy*** :smirk: so i pass that so it cost my time too much but 2 minute i just focus zsteg and yup i see that basic kind like this and to knowing that we reach stegsolve :small_airplane: and go to true fact ## Step 3: Reach True Fact :face_with_finger_covering_closed_lips: - Open stegsolve it need java to run that, install that and enjoy  - Reach to analyse tab and choose the Data Extract  - Choose the what option we need by basing on zsteg return on that image **b1,r,lsb,xy** (b1 for the byte, r is red color, lsb algorithm, xy position of image we can receive) and yeah just choose that option on the tab extract - So what should we do next save that with png because look on the text of the hex file and PNG is the firsthing we see and yup we got the image - But what we do next, you can see the some kind strange on upper of text on the image and that is target we need it will be flag we need to file so we can get that if we don't know how to extract that using the zsteg again :face_with_hand_over_mouth: and you will exploit that image ah hah we get that the text is flag: `1_kn3W_tH3_r3D_w4s_0ff ` wrapthis with CTFlearn{} and you get the flag - But if you want harder you just try the Data Extract option on stegsolve if will be cost you some time to reach that LOL ### Flag: CTFlearn{1_kn3W_tH3_r3D_w4s_0ff} ### So look that cool stuff on that challenge, i think so kind on that will be helpful for you and yeah for me :smiley:. Happy hacking and i will be back soon on the next Challenge or WU :see_no_evil: