DefendTheWeb Playground Challenge Beach

DefendTheWeb.net, previously called HackThis.co.uk, is a very famous and well-known interactive security platform where you can learn and challenge your skills. It contains challenges from several different cybersecurity fields.

I’ve decided to have a bit of fun and try to solve every single challenge presented, from the easiest to the hardest (although “easy” and “hard” will differ depending on your skill set and field of expertise).

As I do with any challenge website, I WILL NEVER post the flag in cleartext, as it kills the fun and thrill of finding it. However, I will post my way (or ways) of getting there. This is done out of respect for the website’s security and non-disclosure policy, even when it doesn’t have one ;).

Challenge Beach

This challenge is also rated as Bronze difficulty, which should be easy to solve. This time the author provides us with a beautiful sunset at the beach (“whoo, reminds me of home”), followed by Username and Password input fields. As there is no other description, the first thing that comes to mind is Steganography. Let’s download the picture and analyse it using a tool called “exiftool”:

# exiftool b4.jpg
ExifTool Version Number         : 11.88
File Name                       : b4.jpg
Directory                       : .
File Size                       : 90 kB
File Modification Date/Time     : 2021:06:04 17:27:04+01:00
File Access Date/Time           : 2021:06:04 17:27:04+01:00
File Inode Change Date/Time     : 2021:06:04 17:31:24+01:00
File Permissions                : rw-rw-r--
File Type                       : JPEG
File Type Extension             : jpg
MIME Type                       : image/jpeg
JFIF Version                    : 1.01
Exif Byte Order                 : Big-endian (Motorola, MM)
Orientation                     : Horizontal (normal)
X Resolution                    : 96
Y Resolution                    : 96
Resolution Unit                 : inches
Software                        : Microsoft Windows Photo Viewer 6.1.7600.16385
Modify Date                     : 2010:04:28 13:28:38
Artist                          : REDACTED
Y Cb Cr Positioning             : Co-sited
Exposure Time                   : 1/750
F Number                        : 8.4
Exposure Program                : Program AE
ISO                             : 100
Exif Version                    : 0220
Date/Time Original              : 2010:04:28 19:28:59
Create Date                     : 2010:04:28 19:28:59
Components Configuration        : Y, Cb, Cr, -
Compressed Bits Per Pixel       : 1.979816021
Shutter Speed Value             : 1/792
Aperture Value                  : 8.4
Exposure Compensation           : 0
Max Aperture Value              : 3.2
Metering Mode                   : Multi-segment
Light Source                    : Unknown
Flash                           : Auto, Did not fire
Focal Length                    : 6.3 mm
Maker Note Version              : STMN100
Preview Image Start             : 1063457536
Preview Image Length            : 3778281728
Warning                         : [minor] Bad format (1792) for MakerNotes entry 0
User Comment                    : I like REDACTED
Flashpix Version                : 0100
Color Space                     : sRGB
Exif Image Width                : 1944
Exif Image Height               : 2592
Related Sound File              : RelatedSound
Interoperability Index          : R98 - DCF basic file (sRGB)
Interoperability Version        : 0100
Exposure Index                  : 1
Sensing Method                  : One-chip color area
File Source                     : Digital Camera
Scene Type                      : Directly photographed
Exposure Mode                   : Auto
White Balance                   : Auto
Digital Zoom Ratio              : 0
Focal Length In 35mm Format     : 35 mm
Scene Capture Type              : Standard
Contrast                        : Normal
Saturation                      : Normal
Sharpness                       : Normal
Offset Schema                   : 4194
Padding                         : (Binary data 2060 bytes, use -b option to extract)
Compression                     : JPEG (old-style)
Thumbnail Offset                : 23352
Thumbnail Length                : 3392
XMP Toolkit                     : XMP Core 4.1.1-Exiv2
Creator Tool                    : Microsoft Windows Photo Viewer 6.1.7600.16385
Instance ID                     : uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b
Image Width                     : 364
Image Height                    : 486
Encoding Process                : Baseline DCT, Huffman coding
Bits Per Sample                 : 8
Color Components                : 3
Y Cb Cr Sub Sampling            : YCbCr4:4:0 (1 2)
Aperture                        : 8.4
Image Size                      : 364x486
Megapixels                      : 0.177
Preview Image                   : (Binary data 3778281728 bytes, use -b option to extract)
Scale Factor To 35 mm Equivalent: 5.6
Shutter Speed                   : 1/750
Thumbnail Image                 : (Binary data 3392 bytes, use -b option to extract)
Circle Of Confusion             : 0.005 mm
Field Of View                   : 54.4 deg
Focal Length                    : 6.3 mm (35 mm equivalent: 35.0 mm)
Hyperfocal Distance             : 0.87 m
Light Value                     : 15.7

The most interesting lines are “Artist” and “User Comment”. And there we have it (I redacted it), our username and password. Very simple, just requires a bit of looking around.
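The same two fields can be read without exiftool, which also works as a pre-publication check for images that leak free-text metadata. The parser below is an added example, not code from the original post: it walks the JPEG segments, finds the APP1/Exif block and reads the Artist and UserComment tags. The function names are my own, and the sample image with its demo-user / demo-pass values is constructed, not the challenge file.

```python
import struct

ARTIST, EXIF_IFD, USER_COMMENT = 0x013B, 0x8769, 0x9286  # standard TIFF/Exif tag ids
TYPE_SIZE = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1}         # bytes per value, by TIFF type

def exif_tiff(jpeg):
    """Walk the JPEG segments; return the TIFF block of the APP1/Exif segment."""
    pos = 2
    while jpeg[:2] == b"\xff\xd8" and pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker, (length,) = jpeg[pos + 1], struct.unpack(">H", jpeg[pos + 2:pos + 4])
        body = jpeg[pos + 4:pos + 2 + length]
        if marker == 0xE1 and body[:6] == b"Exif\x00\x00":
            return body[6:]
        if marker == 0xDA:      # start of scan: no metadata segments after this
            break
        pos += 2 + length
    return None

def read_ifd(tiff, offset, bo, found, depth=0):
    """Collect Artist/UserComment from one IFD, following the Exif sub-IFD pointer."""
    if depth > 2 or offset + 2 > len(tiff):   # stop on pointer loops or truncation
        return found
    (count,) = struct.unpack(bo + "H", tiff[offset:offset + 2])
    # Each IFD entry is 12 bytes; the min() bound skips entries cut off by truncation.
    for at in range(offset + 2, min(offset + 2 + 12 * count, len(tiff) - 11), 12):
        tag, typ, n, value = struct.unpack(bo + "HHII", tiff[at:at + 12])
        size = TYPE_SIZE.get(typ, 0) * n
        data = tiff[at + 8:at + 8 + size] if size <= 4 else tiff[value:value + size]
        if tag == ARTIST:
            found["Artist"] = data.rstrip(b"\x00").decode("ascii", "replace")
        elif tag == USER_COMMENT:             # first 8 bytes name the character code
            found["UserComment"] = data[8:].rstrip(b"\x00 ").decode("ascii", "replace")
        elif tag == EXIF_IFD:
            read_ifd(tiff, value, bo, found, depth + 1)
    return found

def sensitive_tags(jpeg):
    """Return the free-text Exif fields to review before an image is published."""
    tiff = exif_tiff(jpeg)
    if tiff is None or len(tiff) < 8 or tiff[:2] not in (b"MM", b"II"):
        return {}
    bo = ">" if tiff[:2] == b"MM" else "<"
    return read_ifd(tiff, struct.unpack(bo + "I", tiff[4:8])[0], bo, {})

def build_sample(artist=b"demo-user\x00", comment=b"ASCII\x00\x00\x00I like demo-pass"):
    """Constructed minimal JPEG (not the challenge image) with placeholder values."""
    ifd0 = struct.pack(">HHHIIHHIII", 2, ARTIST, 2, len(artist), 56, EXIF_IFD, 4, 1, 38, 0)
    exif = struct.pack(">HHHIII", 1, USER_COMMENT, 7, len(comment), 56 + len(artist), 0)
    app1 = b"Exif\x00\x00MM\x00\x2a\x00\x00\x00\x08" + ifd0 + exif + artist + comment
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"
```

To remove such fields before publishing an image, exiftool's -all= option strips the metadata from the file.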

I hope you like this very small stego challenge. See ya in the next one!
