GCTF or Gryphon CTF is a Capture-The-Flag event hosted by Cybersecurity students from Singapore Poly. This write-up provides a solution to solve one of the steganography challenges, Snowy Message.
The Challenge
A text file, output.txt, filled with seemingly nonsensical content was provided to participants, as seen above. I quickly browsed through the file and, unsurprisingly, there was no flag to be found.
Solution
Initially, I thought of Unicode steganography using zero-width, invisible characters, which led me to some trial and error using this tool. However, I soon realized that was not the case.
After browsing the web in search of a solution, I stumbled upon a tool named Stegsnow, as its name somehow resembled that of the challenge. Stegsnow can be installed on Kali Linux using the command:
apt install stegsnow
After which, I ran the tool using the -C flag along with the challenge file as its input in an attempt to decompress and ascertain hidden data within the file.
The attempt was successful as the flag was extracted, as seen in the image above.
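A triage check for the two hypotheses in this write-up (zero-width characters first, then the tabs and spaces that Stegsnow appends to line ends), as an added example that is not part of the original write-up. The function names are hypothetical and the sample strings are constructed for illustration.

```python
import sys
import unicodedata

def triage(text):
    """Count the artifacts each text-steganography family leaves behind."""
    trailing = []  # trailing whitespace run of every line that has one
    for line in text.split("\n"):
        line = line.rstrip("\r")
        body = line.rstrip(" \t")
        if len(body) != len(line):
            trailing.append(line[len(body):])
    return {
        # Unicode category Cf covers zero-width space/joiners, BOM, word joiner.
        "format_chars": sum(unicodedata.category(c) == "Cf" for c in text),
        "lines_with_trailing_ws": len(trailing),
        # A stray trailing space is common in ordinary files; a tab inside the
        # trailing run is the stronger hint of SNOW-style whitespace encoding.
        "trailing_runs_with_tab": sum("\t" in ws for ws in trailing),
        "trailing_ws_chars": sum(len(ws) for ws in trailing),
    }

def hypotheses(report):
    """Map the counts to the techniques worth testing first."""
    found = []
    if report["format_chars"]:
        found.append("zero-width")
    if report["trailing_runs_with_tab"]:
        found.append("trailing-whitespace")
    return found

# Constructed samples (not the challenge file).
SAMPLE_WS = "Snow falls softly \t  \t\non the quiet town\t \nno flag here\n"
SAMPLE_ZW = "hello\u200b\u200cworld\n"
SAMPLE_CLEAN = "plain text\nno tricks \n"

if __name__ == "__main__":
    # Usage: python triage.py output.txt
    with open(sys.argv[1], encoding="utf-8", errors="replace", newline="") as fh:
        result = triage(fh.read())
    print(result, hypotheses(result))
```

A "trailing-whitespace" result is the cue to try Stegsnow on the file before spending time on zero-width decoders.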