"TFTPADRESSSTRATAGEMSKIPPED" → Decodes to: TFTP ADRESS STRATAGEM SKIPPED
Open the tftp.pcapng file in . Go to: File > Export Objects > TFTP... You will see several files being transferred: instructions.txt plan program.deb picture1.bmp , picture2.bmp , picture3.bmp 2. Decode the Hints The text files are encoded using ROT13 : 24500.rar
Note: picture3.bmp is usually the one containing the payload. Decode the Hints The text files are encoded
The hint "DUEDILIGENCE" from the plan file is the . 5. Extract the Flag Apply steghide to the exported images using the passphrase: steghide extract -sf picture3.bmp -p DUEDILIGENCE Use code with caution. Copied to clipboard Extract the Flag Apply steghide to the exported
This will output a file (often named flag.txt ) containing the flag: picoCTF{h1dd3n_1n_pLa1n_51GHT_183759ad}
"VHAVEBYENARQGURCEBTENZNAQUVQVGJVGUVAONR" → Decodes to: I USED THE PROGRAM AND HID IT WITH DUEDILIGENCE 3. Identify the Steganography Tool
Dizkover