PicoCTF: Scan Surprise

Challenge Name: Scan Surprise

Category: Forensics

Difficulty: Easy

Description: Walkthrough and learning

The challenge: find the flag that is the supplied image.

I'm going to create a new directory for this challenge named "scansurprise".

Next I want to unzip the file I downloaded from the challenge. Then I keep moving through the folders until I find the flag image.

If I cat the flag.png file (unsure if that is a thing or not), I receive some encoded characters.

Lets see what the picture is.

Alright, we have an encoded flag file in our unzipped folder. On the GUI side, it is a QR code. Now let's return to the instructions to find the information for us to SSH into the challenge machine:

In the challenge machine, we are given the same QR code.

Scanning the QR code doesn't take you anywhere, so the first thing I think of is steganography. But I don't think it's a steganography problem. We have some clearly encrypted or encoded text gibberish and we may be able to find a website to extract the flag. First, I want to inspect the properties of the image, just in case there is something useful in there.

I'm not sure if any of this information from the properties will be useful to us but I am logging it anyways.

Alright so now I want to find somewhere that I can upload this image to potentially decode this QR code. What I found was QR Code Raptor. I clicked on "Upload Image" and then clicked "Continue". And then surprise! We have the flag!

We learned that the QR code was hiding the encoded flag:

picoCTF{p33k_@_b00_19eccd10}

Thanks for reading!