Introduction
Challenge: Enhance!
Category: Forensics
Description:
Download this image file and find the flag.
Solution
Now we are moving on to our next category, Forensics. In this challenge, we are given a .svg
file, and the flag is hidden somewhere inside it. Let's take a look at the file.
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
width="210mm"
height="297mm"
viewBox="0 0 210 297"
version="1.1"
id="svg8"
inkscape:version="0.92.5 (2060ec1f9f, 2020-04-08)"
sodipodi:docname="drawing.svg">
<defs
id="defs2" />
<sodipodi:namedview
id="base"
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1.0"
inkscape:pageopacity="0.0"
inkscape:pageshadow="2"
inkscape:zoom="0.69833333"
inkscape:cx="400"
inkscape:cy="538.41159"
inkscape:document-units="mm"
inkscape:current-layer="layer1"
showgrid="false"
inkscape:window-width="1872"
inkscape:window-height="1016"
inkscape:window-x="48"
inkscape:window-y="27"
inkscape:window-maximized="1" />
<metadata
id="metadata5">
<rdf:RDF>
<cc:Work
rdf:about="">
<dc:format>image/svg+xml</dc:format>
<dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
<dc:title></dc:title>
</cc:Work>
</rdf:RDF>
</metadata>
<g
inkscape:label="Layer 1"
inkscape:groupmode="layer"
id="layer1">
<ellipse
id="path3713"
cx="106.2122"
cy="134.47203"
rx="102.05357"
ry="99.029755"
style="stroke-width:0.26458332" />
<circle
style="fill:#ffffff;stroke-width:0.26458332"
id="path3717"
cx="107.59055"
cy="132.30211"
r="3.3341289" />
<ellipse
style="fill:#000000;stroke-width:0.26458332"
id="path3719"
cx="107.45217"
cy="132.10078"
rx="0.027842503"
ry="0.031820003" />
<text
xml:space="preserve"
style="font-style:normal;font-weight:normal;font-size:0.00352781px;line-height:1.25;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:0.26458332;"
x="107.43014"
y="132.08501"
id="text3723"><tspan
sodipodi:role="line"
x="107.43014"
y="132.08501"
style="font-size:0.00352781px;line-height:1.25;fill:#ffffff;stroke-width:0.26458332;"
id="tspan3748">p </tspan><tspan
sodipodi:role="line"
x="107.43014"
y="132.08942"
style="font-size:0.00352781px;line-height:1.25;fill:#ffffff;stroke-width:0.26458332;"
id="tspan3754">i </tspan><tspan
sodipodi:role="line"
x="107.43014"
y="132.09383"
style="font-size:0.00352781px;line-height:1.25;fill:#ffffff;stroke-width:0.26458332;"
id="tspan3756">c </tspan><tspan
sodipodi:role="line"
x="107.43014"
y="132.09824"
style="font-size:0.00352781px;line-height:1.25;fill:#ffffff;stroke-width:0.26458332;"
id="tspan3758">o </tspan><tspan
sodipodi:role="line"
x="107.43014"
y="132.10265"
style="font-size:0.00352781px;line-height:1.25;fill:#ffffff;stroke-width:0.26458332;"
id="tspan3760">C </tspan><tspan
sodipodi:role="line"
x="107.43014"
y="132.10706"
style="font-size:0.00352781px;line-height:1.25;fill:#ffffff;stroke-width:0.26458332;"
id="tspan3762">T </tspan><tspan
sodipodi:role="line"
x="107.43014"
y="132.11147"
style="font-size:0.00352781px;line-height:1.25;fill:#ffffff;stroke-width:0.26458332;"
id="tspan3764">F { 3 n h 4 n </tspan><tspan
sodipodi:role="line"
x="107.43014"
y="132.11588"
style="font-size:0.00352781px;line-height:1.25;fill:#ffffff;stroke-width:0.26458332;"
id="tspan3752">c 3 d _ 2 4 3 7 4 6 7 5 }</tspan></text>
</g>
</svg>
At the end of the file, we can see something that looks like a flag, so we need to extract it. We could do this manually, but I am going to use some bash tricks with tools like grep, cut, and tr.
cat drawing.flag.svg | grep "</tspan>" | cut -d ">" -f2 | cut -d "<" -f1 | tr -d "\n" | tr -d " "
Now, this one-liner might look confusing, so let's break it down.
grep "</tspan>"
- Here we are filtering down to the lines that contain parts of the flag.
- Output:
id="tspan3748">p </tspan><tspan id="tspan3754">i </tspan><tspan id="tspan3756">c </tspan><tspan id="tspan3758">o </tspan><tspan id="tspan3760">C </tspan><tspan id="tspan3762">T </tspan><tspan id="tspan3764">F { 3 n h 4 n </tspan><tspan id="tspan3752">c 3 d _ 2 4 3 7 4 6 7 5 }</tspan></text>
cut -d ">" -f2
- Here we are removing everything before each part of the flag.
- Output:
p </tspan i </tspan c </tspan o </tspan C </tspan T </tspan F { 3 n h 4 n </tspan c 3 d _ 2 4 3 7 4 6 7 5 }</tspan
cut -d "<" -f1
- Here we are removing everything after each part of the flag.
- Output:
p i c o C T F { 3 n h 4 n c 3 d _ 2 4 3 7 4 6 7 5 }
tr -d "\n"
- Here we are removing all the newlines.
- Output:
p i c o C T F { 3 n h 4 n c 3 d _ 2 4 3 7 4 6 7 5 }
tr -d " "
- Here we are removing all the spaces between the parts of the flag.
- Output:
picoCTF{3nh4nc3d_24374675}
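The pipeline above depends on how the file happens to be broken into lines. As an added example (not part of the original write-up), the same extraction can be done with an XML parser that also reports why the text is invisible when rendered. The sample document, its ids and its demo flag are constructed, and the 1px threshold is an assumption.

```python
import re
import xml.etree.ElementTree as ET

SVG = "{http://www.w3.org/2000/svg}"

# Constructed sample modelled on the drawing above: one readable caption and
# one white, microscopic text element split into spaced-out tspans.
SAMPLE = """<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 210 297">
<text id="caption" style="font-size:4px;fill:#000000" x="10" y="10">logo</text>
<text id="t1" style="font-size:0.00352781px;fill:#ffffff" x="107" y="132"><tspan
 id="s1" style="font-size:0.00352781px;fill:#ffffff">d e m o { t 1 n y </tspan><tspan
 id="s2" style="font-size:0.00352781px;fill:#ffffff">_ t 3 x t }</tspan></text>
</svg>"""


def font_px(elem):
    """Return the inline font-size in px, or None if absent or in another unit."""
    for decl in elem.get("style", "").split(";"):
        key, _, value = decl.partition(":")
        if key.strip() == "font-size":
            m = re.fullmatch(r"(\d*\.?\d+)px", value.strip())
            return float(m.group(1)) if m else None
    return None


def tiny_text(svg_source, min_px=1.0):
    """List (id, font-size, text) for text/tspan nodes below min_px."""
    hits = []
    for elem in ET.fromstring(svg_source).iter():
        if elem.tag not in (SVG + "text", SVG + "tspan"):
            continue
        size = font_px(elem)
        if size is not None and size < min_px and (elem.text or "").strip():
            hits.append((elem.get("id"), size, elem.text))
    return hits


def recover(svg_source):
    """Join hidden fragments in document order, dropping the padding spaces."""
    return "".join("".join(text.split()) for _, _, text in tiny_text(svg_source))


if __name__ == "__main__":
    for elem_id, size, text in tiny_text(SAMPLE):
        print(f"{elem_id}: {size}px {text!r}")
    print(recover(SAMPLE))
```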
Conclusion
So basically, we have found a hidden flag inside a file that looks completely normal.
Flag: picoCTF{3nh4nc3d_24374675}