This is the file we got:
(same file, unmodified! You can try it yourself!)
At first I tried a quick
And that showed up. That's gonna be useful later.
Other than that I didn't really find anything other than what we're gonna do next.
Trying to use steghide asks us for a password. I tried the comment as a password, and it worked!
Now we just have to extract it with steghide:
And cat it out
And there's the flag.
Don't really know what to say here, don't hide stuff in images? Someones gonna find it eventually if the password is weak / just written into the file.
With a strong password that's not just written down somewhere I can see the potential.
~sw1tchbl4d3, 09/08/2020 (dd/mm/yyyy)