Flatpack-522.rar
```
$ zbarimg _mystery.bin.extracted/00000000.png
QR-Code:HTBfl4t_p4ck_5c4nn3r_2023
```

That is the flag. Below is a one-liner script that reproduces the entire process automatically. It assumes you have `unrar`, `zsteg`, `binwalk`, and `zbarimg` installed.
```bash
#!/usr/bin/env bash
set -e
```
hidden.txt now contains:
The goal of the challenge is to retrieve the hidden flag that the creator has concealed inside the RAR file. The write-up is organized into the typical CTF sections: exploitation / analysis, extraction, and flag retrieval.

1. Overview & Goal

| Item | Description |
|------|-------------|
| Challenge name | FlatPack-522 |
| File | flatpack-522.rar (≈ 2 MiB) |
| Category | Forensics / Reverse Engineering |
| Typical points | 200-300 (depends on the event) |
| Goal | Extract the hidden flag (format: HTB... or FLAG...) from the archive. |
```
$ display cover.png
```

Nothing obvious appears. However, the challenge name "FlatPack" hints at "flat" data (i.e., a flat image with hidden data). Use `zsteg` (a popular stego tool) to search for hidden data:

```
$ zbarimg _mystery
```
```
Cannot open encrypted file. Use -p option to specify a password.
```

Thus we need the password.

3.1 Brute-Force / Dictionary Attempts

A quick dictionary attack with common passwords (e.g., `password`, `12345`, `admin`) fails. The creator hints in the challenge description: "The key is hidden inside the name of the pack itself." The file name `flatpack-522` suggests the password may be related to the number `522`.
```bash
# 5. Decode QR code from extracted PNG
# zbarimg prints "QR-Code:<payload>"; take the field after the first colon
FLAG=$(zbarimg _mystery.bin.extracted/00000000.png | awk -F: '{print $2}')
echo "Flag: $FLAG"
```

Running the script prints: