DawgCTF Writeup

goofy ctf

Introduction

We joined this CTF a few months ago, and there are some challenges I’d like to document here.

Challenges

Music Theory (Fwn)

We are given an MP4 file, and as you can see there is text underneath the video. It appears to be Base64-encoded:

Using CyberChef, the data was decoded from Base64 format. The provided clue indicated that this artifact used steganography in conjunction with TrueCrypt.

What is TrueCrypt?

TrueCrypt is an open-source software used for on-the-fly encryption (OTFE). It creates a virtual encrypted disk within a file and can also encrypt a partition or an entire storage device.

To access the encrypted data, the volume must be mounted by entering the correct passphrase, after which the contents become available.

Since TrueCrypt has been discontinued, VeraCrypt, which provides the same functionality, is used instead.

Recon

After inspecting the file, we found that the comment field contained something interesting. I used ExifTool to extract metadata from the video file.

└─$ exiftool enterscoretitlehere.mp4

The string 6b65796f66636d616a6f72 appears to be in hexadecimal format. When converted to ASCII text, it translates to keyofcmajor.

This finding may serve as the password required to decrypt the encrypted volume.
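
The recon step above, generalized into a small triage script (an added example, not part of the original writeup): it scans exiftool-style `Tag : value` lines for values that decode cleanly from hex or Base64. The function names and the sample lines are constructed for illustration; only the Comment value and the file name come from the writeup.

```python
import base64
import binascii
import re

HEX_RE = re.compile(r"^(?:[0-9a-fA-F]{2}){4,}$")   # even length, at least 4 bytes
B64_RE = re.compile(r"^[A-Za-z0-9+/]{8,}={0,2}$")

def printable(raw):
    """Return raw as text if it is entirely printable ASCII, else None."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    return text if text.isprintable() else None

def decode_candidates(value):
    """Try hex, then Base64; return (encoding, plaintext) pairs that decode cleanly."""
    value, hits = value.strip(), []
    if HEX_RE.match(value):
        text = printable(bytes.fromhex(value))
        if text:
            hits.append(("hex", text))
    if B64_RE.match(value) and len(value) % 4 == 0:
        try:
            text = printable(base64.b64decode(value, validate=True))
        except binascii.Error:
            text = None
        if text:
            hits.append(("base64", text))
    return hits

def triage(exiftool_output):
    """Map tag name -> decoded hits for each 'Tag : value' line that decodes."""
    findings = {}
    for line in exiftool_output.splitlines():
        tag, sep, value = line.partition(":")   # tag names contain no colon
        if sep and (hits := decode_candidates(value)):
            findings[tag.strip()] = hits
    return findings

# Constructed exiftool-style lines; the Title field and its value are made up.
SAMPLE = """\
File Name                       : enterscoretitlehere.mp4
Comment                         : 6b65796f66636d616a6f72
Title                           : c2FtcGxlIGNvbnN0cnVjdGVkIHRleHQ=
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Requiring the decoded bytes to be printable ASCII keeps ordinary metadata values and random-looking identifiers out of the results.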

Extracting

Now for the fun part. Open VeraCrypt and choose any available drive letter (A, B, C, or any other). Then, enter the provided password to mount the volume. Once mounted, you will be able to access the decrypted contents.

Once the volume is decrypted, open the file and grab the flag!

Azure Pentester (Web)

This post is licensed under CC BY 4.0 by the author.