Skip to content

thefluffy007

A security researchers' thoughts on cybersecurity education, training, AND hacking ALL THE THINGS: web, mobile, cloud, etc.

  • Twitter
  • Instagram
  • YouTube
  • About Me
  • Course Content
  • Publications
  • Speaking Engagements
  • T-ATP
  • Trainings
  • Let’s Connect!

Tag: jpg

capture the flag, hacking

PicoCTF 2017 – Meta Find Me #appsec #infosec

July 3, 2017March 3, 2021 thefluffy007

Another day, another challenge.

Today’s blog post is solving the, “Meta Find Me” challenge within PicoCTF.

Let’s get started.

Clicking on the challenge we see:

PicoCTF_Meta_Find_Me_1

OK, we need to find meta data inside of an image. Let’s see what the hints give us.

PicoCTF_Meta_Find_Me_2

We need to answer the question of how location is stored in imaged. Look like Google will once again be our friend 🙂

After downloading the image, and doing a Google search of, “GPS info on photos” we’re presented with the following link.

Reading the link (which is from How-To-Geek) we learn that if we look at the properties of a image it will give the GPS coordinates.

OK, that’s a start.

While continuing reading the article we notice that with these type of images there’s an embedded EXIF data in the image.

Let’s try a Google search of “EXIF GPS decrypter” and see if we can view the embedded EXIF data for our image.

Doing that Google search we’re presented with the following link.

Going to that link, and uploading our image and click the “view EXIF” button we’re presented with the following:

PicoCTF_Meta_Find_Me_3

Looking at the comment we see that part of the flag is present, we need to find the latitude and longitude. Luckily that’s presented above the comment.

Entering the flag we’ve acquired 70 points!

Tagged ctf, EXIF, Google, GPS, images, jpg, latitude, longitude, meta-data, misc, PicoCTF8 Comments

Recent Posts

  • #PwnItFridays @hackthebox_eu Starting Point Series: Three
  • #PwnItFridays @hackthebox_eu Starting Point Series: Bike
  • #PwnItFridays @hackthebox_eu Starting Point Series: Funnel
  • PwnItFridays hackthebox_eu Starting Point Series: Tactics
  • #PwnItFridays @hackthebox_eu Starting Point Series: Pennyworth

Archives

  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • September 2022
  • April 2022
  • December 2021
  • November 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • November 2019
  • March 2019
  • February 2019
  • July 2018
  • June 2018
  • April 2018
  • February 2018
  • January 2018
  • December 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • January 2013
  • May 2012
  • March 2012

Categories

  • boot2root
  • capture the flag
  • cloud
  • cybersecurity education
  • hacking
  • mobile
  • OSCP
  • owasp
  • Uncategorized
  • web application security

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org
  • Twitter
  • Instagram
  • YouTube
Powered by WordPress.com.
 

Loading Comments...