PicoCTF hideme writeup
We are given a file that contains a PNG file called flag.png.
Running `exiftool` on the file reveals that the file contains trailer data after the PNG IEND chunk.
According to the specification, a PNG file should end at the IEND chunk. Our file has more data than what the image shows.
Running a quick hex view using `xxd` reveals a string called `secret/flag.pngUT`.
Using the strings command reveals an even nicer view.
```
strings flag.png
#secret/UT
#secret/flag.pngUT
```
A quick Google search suggested that the file could contain hidden data, and some people suggested using `unzip`. And wouldn't you know it, it worked! There is a secrets folder with the flag in it.
Resources
- [https://exiftool.org/TagNames/PNG.html](https://exiftool.org/TagNames/PNG.html) - PNG Tags