This is the file we got:
(same file, unmodified! You can try it yourself!)
At first I tried to look at the image color-wise with this tool
(had to convert the png to jpg first though)
After my image was uploaded I tried every mode, and
LSB Half got the result I needed.
Clicking that, the image got transformed into this:
As you can maybe see, it says
The password is s33_m3_1f_y0u_c4n
We'll need that for our next step.
Running zsteg on the png got this:
We found a zip file (green) at
Now to the "Exploitation".
We can extract the zip file from the png like so:
Trying to unzip the file asks for a password.
Conveniently we already know the password!
Extract the zip and cat out the flag and we get this:
And there's the flag!
Like I said last time, stego isnt good if you haven't got a password that's not already contained in that/some other file.
Someone will eventually find it.
~sw1tchbl4d3, 09/04/2020 (dd/mm/yyyy)