The Impossible Challenge | Sept 26, 2022
Introduction:
Welcome to my another writeup! In this TryHackMe The Impossible Challenge room, you’ll learn: unicode steganography with zero-width characters! Without further ado, let’s dive in.
Background
Hmm
Difficulty: Medium
Download the file, and find the Flag!
-
qo qt q` r6 ro su pn s_ rn r6 p6 s_ q2 ps qq rs rp ps rt r4 pu pt qn r4 rq pt q` so pu ps r4 sq pu ps q2 su rn on oq o_ pu ps ou r5 pu pt r4 sr rp qt pu rs q2 qt r4 r4 ro su pq o5
- Overall difficulty for me: Very easy
The Downloaded File
The download file is a zip file:
┌──(root🌸siunam)-[~/ctf/thm/ctf/The-Impossible-Challenge]
└─# file Impossible.zip
Impossible.zip: Zip archive data, at least v2.0 to extract, compression method=deflate
However, it needs a password to unzip it:
┌──(root🌸siunam)-[~/ctf/thm/ctf/The-Impossible-Challenge]
└─# unzip Impossible.zip
Archive: Impossible.zip
[Impossible.zip] flag.txt password:
skipping: flag.txt incorrect password
However, when I copy this room’s description, I saw bunch of unicodes.
Looks like it’s a unicode steganography!!
We can copy those unicode to Unicode Steganography with Zero-Width Characters:
Boom!! We found the password!! Let’s unzip the zip file:
┌──(root🌸siunam)-[~/ctf/thm/ctf/The-Impossible-Challenge]
└─# unzip Impossible.zip
Archive: Impossible.zip
[Impossible.zip] flag.txt password:
inflating: flag.txt
flag.txt:
┌──(root🌸siunam)-[~/ctf/thm/ctf/The-Impossible-Challenge]
└─# cat flag.txt
You have solved the Impossible Challenge! Here is your flag THM{Redacted}
Conclusion
What we’ve learned:
- Unicode Steganography With Zero-Width Characters