Aww Cuter Cat

| Difficulty | Points | Solves |
| --- | --- | --- |
| Easy | 150 | 1 |

Description

This cat is cuter than the rest
With fur so soft and eyes so bright
She loves to play and loves to cuddle
And brings joy to every single night

Her purrs are soothing to the soul
And her meows are music to the ear
With each and every playful leap
She brings laughter and good cheer

This cat is cuter than the rest
A true treasure and a dear friend
She brings us joy with every breath
And we are blessed to have her till the end.

Poem by ChatGPT

Solve

Downloading the files and running the `file` command shows that the download is a zip file.

Attempting to unzip it shows that it is password protected.

Using zip2john, we can convert the password-protected zip file into a hash and crack it with john:

```bash
zip2john evidence.zip > forjohn
john --wordlist=/usr/share/wordlists/rockyou.txt forjohn
```

Now we can extract the evidence.img file. Running `file` on evidence.img shows that it is a Linux file system image.

After mounting the evidence, we saw a cat.jpg file with no other files.

cat.jpg shows a photo of a cute cat. However, the file size is very big, which might be suspicious.

Using TinEye, I performed a reverse image search and compared the file size.

Referring to the similar challenge called Aww Cute Cat, we can guess that it is image steganography with steghide.

Using FTK Imager, I mounted the evidence.img and it shows a wordlist in the unallocated space.

When you delete a file, the operating system marks the space on the hard drive that the file occupied as available for use, but it does not actually erase the file's data from the hard drive.

Instead, it simply removes the reference to the file from the file system, which is a database that the operating system uses to keep track of all the files on the computer.

As a result, the data that made up the file is still present on the hard drive, but it is no longer accessible through the file system.

Therefore, we are able to extract the wordlist using a forensics investigation tool like FTK Imager.

Running `strings` on evidence.img also shows the wordlist.
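The recovery described above works because carving reads raw bytes and never consults the file system. The following is an added example, not part of the original write-up: a small Python carver that groups `strings`-style output into wordlist-like runs. The toy image, its block size and the sample words are constructed for illustration.

```python
import mmap
import re
import sys

BLOCK = 512  # assumed block size, used only by the constructed sample below


def carve_wordlists(image, min_words=4):
    """Find runs of >= min_words newline-terminated printable tokens in raw
    bytes, ignoring the file system entirely (like `strings`, but grouped)."""
    token = rb"[\x21-\x7e]{3,32}\n"
    pattern = re.compile(b"(?:%b){%d,}" % (token, min_words))
    return [(m.start(), m.group().decode("ascii").split())
            for m in pattern.finditer(image)]


def build_sample_image():
    """Constructed toy image: a directory table plus three raw data blocks."""
    directory = {"cat.jpg": 1, "wordlist.txt": 2}  # name -> block number
    blocks = [
        b"\x00" * BLOCK,                                   # metadata block
        (b"\xff\xd8\xff\xe0" + b"\x00" * 16).ljust(BLOCK, b"\x00"),
        b"whiskers\ntuna123\npurrfect\nmeowmeow\ncatnip\n".ljust(BLOCK, b"\x00"),
    ]
    # "Deleting" the file only drops the reference; block 2 keeps its bytes.
    del directory["wordlist.txt"]
    return directory, b"".join(blocks)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a raw image, e.g. evidence.img
        with open(sys.argv[1], "rb") as fh:
            data = mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ)
            hits = carve_wordlists(data)
    else:
        directory, data = build_sample_image()
        print("directory entries:", sorted(directory))
        hits = carve_wordlists(data)
    for offset, words in hits:
        print(f"offset {offset:#x}: {len(words)} candidate words")
        print("\n".join(words))
```

Run without arguments it uses the constructed sample; given a path to a raw image it scans that file instead.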

Now, with the wordlist, we can use the tool [stegseek](https://github.com/RickdeJager/stegseek) to perform a password attack on cat.jpg to extract the flag.

```bash
stegseek -sf cat.jpg -wl wordlist.txt
```
