Sunshine CTF 2016 - That's No Moon

14th of March, 2016 Sunshine CTF 2016



This write-up and all the other ones about the Sunshine CTF 2016 are also available on the repository of my team, d0tslashpwn.


For this Forensics challenge, we need to download a picture of a moon. The file is available here. After trying to play with colors with Steganabara or Stegsolve to find a hidden text, we change of strategy. We use the strings command. By the end of the output, we can see a flag.txt is hidden inside the file.

% strings moon.png

Let is change the extension of the file to a zip archive and extract it.

% mv moon.png
% unzip
warning []:  411781 extra bytes at beginning or within zipfile
  (attempting to process anyway)
[] flag.txt password: 

A password is required. After some guessing, we notice that the challenge is titled That’s No Moon. So let is try moon as a password.

[] flag.txt password: 
extracting: flag.txt

Success! The flag is sun{0kay_it_is_a_m00n}.