Booru.allthefallen.more

    zsteg hidden_flag.jpg

No hidden data were found; the flag was solely stored in the EXIF comment, confirming the intended solution.

    #!/usr/bin/env bash
    set -euo pipefail

Event: All The Fallen CTF 2023
Category: Web / Steganography / Information Disclosure
Difficulty: ★★☆☆☆ (Easy‑Medium)

1. Overview

The challenge presents a small web‑application that mimics an image‑board (a “booru”). The public URL was:

    UserComment : flagb0oru_4ll_th3_f4ll3n_m0r3

That was the flag! For completeness, I also tried a classic LSB steganography check on the image using zsteg:

    # 3️⃣ Use the token to access the hidden page
    curl -s "$BASE/more?token=$token" > more.html

    curl -s "https://booru.allthefallen.more/more?token=boru_block_survive"

The server responded with a 200 OK and an HTML page that listed a single hidden image:

    <!-- token is stored in the image EXIF -->

All thumbnails were JPEG files served from /static/img/<hash>.jpg. Downloading a few of them with wget and inspecting the EXIF data (exiftool) revealed a custom tag:

    Access denied. You need a valid token.

The page source contained another comment:

    <img src="/static/img/hidden_flag.jpg" />

Downloading the image: