Hidden Message (Cyber Talents)
π΅οΈββοΈ 1. Identification :
Challenge Description:
Cyber Criminal is hiding information in a file named h_m.jpg . Requirements: Extract the flag and submit it in MD5 format.
Case Type: Forensic Analysis of an Image File Suspected of Steganography / Metadata Forensics.
π₯ 2. Acquisition
Download the digital guide (image) :
sansforensics@as: ~/DF-LAB/CyberTalents
$ wget https://hubchallenges.s3.eu-west-1.amazonaws.com/h_m.jpg
--2025-07-28 20:51:21-- https://hubchallenges.s3.eu-west-1.amazonaws.com/h_m.jpg
Resolving hubchallenges.s3.eu-west-1.amazonaws.com (hubchallenges.s3.eu-west-1.amazonaws.com)... 3.5.70.76, 3.5.72.21, 52.92.16.106, ...
Connecting to hubchallenges.s3.eu-west-1.amazonaws.com (hubchallenges.s3.eu-west-1.amazonaws.com)|3.5.70.76|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 63516 (62K) [image/jpeg]
Saving to: βh_m.jpgβ
h_m.jpg 100%[===================>] 62.03K 128KB/s in 0.5s
2025-07-28 20:51:23 (128 KB/s) - βh_m.jpgβ saved [63516/63516]
Check file properties after downloading :
sansforensics@as: ~/DF-LAB/CyberTalents
$ stat h_m.jpg
File: h_m.jpg
Size: 63516 Blocks: 128 IO Block: 4096 regular file
Device: 802h/2050d Inode: 3150185 Links: 1
Access: (0664/-rw-rw-r--) Uid: ( 1000/sansforensics) Gid: ( 1000/sansforensics)
Access: 2025-07-28 20:51:23.000000000 +0000
Modify: 2024-09-22 15:28:18.000000000 +0000
Change: 2025-07-28 20:51:23.182125873 +0000
Birth: -
Determine the file type using the file tool:
sansforensics@as: ~/DF-LAB/CyberTalents
$ file h_m.jpg
h_m.jpg: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2], baseline, precision 8, 955x384, components 3
π§ 3. Preservation
The file was processed in a digital forensic environment .
The file contents were not modified at all, and analysis was performed using read-only tools such as exif.
Preservation was performed by:
Copying the file into the investigation folder: \~/DF-LAB/CyberTalents/
Not modifying its timestamps.
Not using any tool that would overwrite the file.
π 4. Analysis
Analysis tools used: exif or exiftool To analyze the image's metadata.
Execute the analysis :
Here we have found the flagΒ , Using exiftoolΒ :
sansforensics@as: ~/DF-LAB/CyberTalents
$ exif h_m.jpg
EXIF tags in 'h_m.jpg' ('Motorola' byte order):
--------------------+----------------------------------------------------------
Tag |Value
--------------------+----------------------------------------------------------
X-Resolution |96
Y-Resolution |96
Resolution Unit |Inch
YCbCr Positioning |Centered
Exif Version |Unknown Exif Version
Components Configura|Y Cb Cr -
User Comment |b1a1f2855d2428930e0c9c4ce10500d5
FlashPixVersion |FlashPix Version 1.0
Color Space |Internal error (unknown value 65535)
--------------------+----------------------------------------------------------
To extract the flag aloneΒ :
sansforensics@as: ~/DF-LAB/CyberTalents
$ exif h_m.jpg | grep Comment
User Comment |b1a1f2855d2428930e0c9c4ce10500d5
π’ The flag was found inside the User Comment field of the Exif Metadata.
π 5. Reporting
Report Report Title: Investigating an Image File Containing Hidden Data - CyberTalents Challenge
Description : An image named h_m.jpg was uploaded, and by analyzing the metadata using forensic tools, a hidden key was found in the "User Comment" field .
Analysis Tool: exif
Final Result (Flag):
b1a1f2855d2428930e0c9c4ce10500d5
Flag Format: MD5 β
Status: β Flag extracted successfully
π¬ "Control the code, and you control the world."
See You Soon
AS Cyber β)).