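Today was a long day; I tried one challenge after another and could not solve any of them.
This one is the medium-difficulty Root Me challenge Base Jumper, and its description reads as follows.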
It seems steganography is all the rage with attackers exfiltrating data these days.
Look at this example I found, I think it has a flag inside.
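The challenge provides a jpg file, and its tag reads Data Exiftration. The first thing I noticed is that the image and the title both refer to BASE jumping, but that is probably unrelated; seeing exif, I started by checking whether anything was hidden there.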
$ file ch15.jpg
ch15.jpg: JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=11, manufacturer=NIKON CORPORATION, model=NIKON D5000, orientation=upper-left, xresolution=176, yresolution=184, resolutionunit=2, software=GIMP 2.8.16, datetime=2017:08:02 12:34:15, GPS-Data], comment: "CgoK", progressive, precision 8, 1024x680, components 3
...
Subject Distance Range : Unknown
GPS Version ID : 2.2.0.0
Compression : JPEG (old-style)
Thumbnail Offset : 1018
Thumbnail Length : 8498
Comment : CgoK.CgoKTmV=.dHdv.cmsg.V29yax==.aW5n.IEdy.b3VwIJ==.ICAgIC==.ICC=.ICAg.ICAgIE==.ICAgIC==.ICAgIE==.ICAgIF==.ICAgICB=.ICAgUw==.LiBKb3P=.ZWZ=.c3Nvbl==.LCB=.RWQuClI=.ZXF1Zc==.c3QgZp==.b3Ig.Q29t.bWVudHM=.OiAz.NTQ4IG==.ICAgICB=.ICA=.ICAgICB=.ICAgICC=.ICAgIE==.ICC=.ICAg.ICB=.ICAgIF==.
...
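The Comment field contains something very suspicious that looks like base64.
Going by the title Base Jumper, I guessed the goal was to find a way to decode it, and a search online turned up a handy tool: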
https://gist.github.com/dhondta/90a07d9d106775b0cd29bb51ffe15954
$ paddinganograph -e base64 -f Comment -s . < ch15.jpg | paddinganograph -e base32
3v3ry0ne_h4s_s3cr3ts!
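What the first stage of that pipeline reads, as an added example (not part of the original post and not the gist's code): a base64 chunk that ends in `=` has 2 or 4 low bits in its last symbol that a normal decoder throws away, and the chunks in the Comment field carry data in those bits. The function names are chosen for this example, `COMMENT_PREFIX` is only the first 15 chunks of the Comment value above, and the same function covers the base32 stage by passing a 5-bit alphabet.

```python
import string

B64 = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"
B32 = string.ascii_uppercase + "234567"

# First 15 chunks of the Comment value shown above (prefix only, not the whole field).
COMMENT_PREFIX = ("CgoK.CgoKTmV=.dHdv.cmsg.V29yax==.aW5n.IEdy.b3VwIJ==."
                  "ICAgIC==.ICC=.ICAg.ICAgIE==.ICAgIC==.ICAgIE==.ICAgIF==")


def hidden_bits(chunk, alphabet=B64):
    """Return the unused low bits of the last symbol of one encoded chunk."""
    bits_per_char = len(alphabet).bit_length() - 1  # 6 for base64, 5 for base32
    body = chunk.rstrip("=")
    unused = (len(body) * bits_per_char) % 8        # bits a decoder discards
    if not body or unused == 0:
        return ""
    value = alphabet.index(body[-1])                # ValueError on a foreign symbol
    return format(value & ((1 << unused) - 1), "0{}b".format(unused))


def non_canonical(chunks, alphabet=B64):
    """Chunks whose discarded bits are not all zero (a canonical encoder emits zeros)."""
    return [c for c in chunks if "1" in hidden_bits(c, alphabet)]


def extract(text, sep=".", alphabet=B64):
    """Concatenate the discarded bits of every chunk and pack them into bytes."""
    bits = "".join(hidden_bits(c, alphabet) for c in text.split(sep) if c)
    usable = len(bits) - len(bits) % 8              # drop an incomplete final byte
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))


if __name__ == "__main__":
    chunks = COMMENT_PREFIX.split(".")
    print("non-canonical chunks:", non_canonical(chunks))
    print("recovered bytes:", extract(COMMENT_PREFIX))
```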
Today it's Kururu.