Tags: steganography 

Rating:

# Chandi Bot 3

- 294 Points / 73 Solves

## Background

I wonder what the bot's favorite dinosaur is?

![](https://raw.githubusercontent.com/siunam321/CTF-Writeups/main/RITSEC-CTF-2023/images/Pasted%20image%2020230402162635.png)

## Find the flag

If we send a message that contains "dinosaur", it'll reply us with some random dinosaur names:

![](https://raw.githubusercontent.com/siunam321/CTF-Writeups/main/RITSEC-CTF-2023/images/Pasted%20image%2020230402162739.png)

However, I think that just a rabbit hole.

Then, I start to think: "Any command that's interesting?"

**Yes we do. Like the `/stego` command:**

![](https://raw.githubusercontent.com/siunam321/CTF-Writeups/main/RITSEC-CTF-2023/images/Pasted%20image%2020230402162855.png)

**Hmm... Let's upload a random PNG image file:**

![](https://raw.githubusercontent.com/siunam321/CTF-Writeups/main/RITSEC-CTF-2023/images/Pasted%20image%2020230402162921.png)

![](https://raw.githubusercontent.com/siunam321/CTF-Writeups/main/RITSEC-CTF-2023/images/Pasted%20image%2020230402162929.png)

Let's download it!

![](https://raw.githubusercontent.com/siunam321/CTF-Writeups/main/RITSEC-CTF-2023/images/Pasted%20image%2020230402162948.png)

```shell
┌[siunam♥earth]-(~/ctf/RITSEC-CTF-2023/Chandi-Bot)-[2023.04.02|16:30:05(HKT)]
└> wget https://media.discordapp.net/ephemeral-attachments/1091391452866682950/1092001499086864384/encoded.png
```

**According to [HackTricks](https://book.hacktricks.xyz/crypto-and-stego/stego-tricks#zsteg), we can use a tool called [`zsteg`](https://github.com/zed-0xff/zsteg) to run all the checks:**

![](https://raw.githubusercontent.com/siunam321/CTF-Writeups/main/RITSEC-CTF-2023/images/Pasted%20image%2020230402163216.png)

```shell
┌[siunam♥earth]-(~/ctf/RITSEC-CTF-2023/Chandi-Bot)-[2023.04.02|16:30:08(HKT)]
└> zsteg -a encoded.png
b8,b,msb,xy .. file: RDI Acoustic Doppler Current Profiler (ADCP)
b8,rgb,msb,xy .. file: RDI Acoustic Doppler Current Profiler (ADCP)
b8,bgr,msb,xy .. file: RDI Acoustic Doppler Current Profiler (ADCP)
b1,rgb,lsb,yx .. text: "RS{GO_GET_THE_ENCODED_FLAG}"
[...]
```

Boom! We found the flag!

- **Flag: `RS{GO_GET_THE_ENCODED_FLAG}`**

## Conclusion

What we've learned:

1. Extracting Hidden Information In An Image File

Original writeup (https://siunam321.github.io/ctf/RITSEC-CTF-2023/Chandi-Bot/Chandi-Bot-1-6/#chandi-bot-3).