Aww Cuter Cat
Last updated
Last updated
| Difficulty | Points | Solves |
|---|---|---|
Easy | 150 | 1 |
This cat is cuter than the rest With fur so soft and eyes so bright She loves to play and loves to cuddle And brings joy to every single night
Her purrs are soothing to the soul And her meows are music to the ear With each and every playful leap She brings laughter and good cheer
This cat is cuter than the rest A true treasure and a dear friend She brings us joy with every breath And we are blessed to have her till the end. Poem by ChatGPT
Downloading the files and running the file command shows that its a zip file.
Attempting to unzip it shows that it is password protected.
Using zip2john we are able to convert the password protected zip file into hash and crack it with john
Now, we are able to successfully extract the evidence.img file. Running file on evidence.img shows that it is a linux file system image.
After mounting the evidence, we saw a cat.jpg file with no other files.
cat.jpg shows a photo of a cute cat, however, the file size is very big, which might be suspicious.
Using tinyeye, I performed reverse image search and compared the file size.
Referring from the similar challenge called Aww Cute Cat , we can guess that it is image steganography with steghide.
Using FTK Imager, I mounted the evidence.img and it shows a wordlist in the unallocated space.
When you delete a file, the operating system marks the space on the hard drive that the file occupied as available for use, but it does not actually erase the file's data from the hard drive.
Instead, it simply removes the reference to the file from the file system, which is a database that the operating system uses to keep track of all the files on the computer.
As a result, the data that made up the file is still present on the hard drive, but it is no longer accessible through the file system.
Therefore, we are able to extract the wordlist using a forensics investigation tool like FTK Imager.
Running strings on evidence.img also similarly shows the wordlists.
Now, with the wordlist, we are able to use the tool [stegseek](https://github.com/RickdeJager/stegseek) to perform a password attack on cat.img to extract the flag.
