Results 1 to 3 of 3

Thread: Cyber Challenge from Dutch national security agency AIVD

Hybrid View

  1. #1
    Very good friend of the forum TAPE's Avatar
    Join Date
    Jan 2010
    Location
    Europe
    Posts
    599

    Default Cyber Challenge from Dutch national security agency AIVD

    The AIVD put out a cyber challenge last Monday an it has been driving me nuts...

    https://www.aivd.nl/organisatie/eenh...ber-challenge/

    The cyber challenge files can be downloaded at the bottom of the page as a .zip file.

    https://www.aivd.nl/publish/pages/24..._challenge.zip


    The zip file contains 11 .jpg images.
    All images are of famous movies.
    A.jpg - The Big Lebowski
    B.jpg - Hellboy I
    C.jpg - Primer
    D.jpg - Wall-E
    E.jpg - Pi
    F.jpg - Mr Magorium's Wonder Emporium
    G.jpg - Office Space
    H.jpg - Star Wars (A New Hope?)
    I.jpg - Sneakers
    J.jpg - War Games
    K.jpg - A New Hope

    Have done stegdetect and stegbreak on the files without noticeable hidden content, although stegdetect
    gives some positives on jphide when using -s 2 after checks with hex editor I have since found
    that the expected originals of the photos (found online with google image search) appear to be identical and
    thus unlikely to contain stego content.. ?



    F.jpg does contain some data in the comment which reportedly is of interest.
    extracted with exiftool;
    Code:
    exiftool -b -Comment F.jpg > out_file
    80 97 7E 04 CC 01 00 00 CC 01 00 00 40 02 00 00
    4A 01 00 00 40 02 00 00 7C 05 00 00 EA 01 00 00
    EA 01 00 00 7C 05 00 00 80 0D 00 00 7C 05 00 00
    56 04 00 00 7C 05 00 00 80 0D 00 00 16 11 00 00
    B4 09 00 00 A6 08 00 00 A6 08 00 00 B4 09 00 00
    16 11 00 00 E4 18 00 00 3C 0C 00 00 20 0A 00 00
    B4 09 00 00 20 0A 00 00 3C 0C 00 00 E4 18 00 00
    BA 30 00 00 EE 11 00 00 14 0D 00 00 64 0B 00 00
    64 0B 00 00 14 0D 00 00 EE 11 00 00 BA 30 00 00
    3A 23 00 00 FC 12 00 00 8E 0E 00 00 4A 0D 00 00
    8E 0E 00 00 FC 12 00 00 3A 23 00 00 56 25 00 00
    18 15 00 00 16 11 00 00 16 11 00 00 18 15 00 00
    56 25 00 00 8E 29 00 00 E4 18 00 00 BA 15 00 00
    E4 18 00 00 8E 29 00 00 BA 30 00 00 A4 1F 00 00
    A4 1F 00 00 BA 30 00 00 3A 3E 00 00 FC 2D 00 00
    3A 3E 00 00 48 5A 00 00 48 5A 00 00 30 B1 00
    This same information I also found in image when searching for comparisons online,
    so am not sure how this information is relevant, but following comments from
    the anonymous hint-giver it is..(comment from saterday 17-11-2012 23:37)
    http://www.security.nl/artikel/43891...challenge.html.



    D.jpg contains zipped, password protected file 'b.pdf'
    H.jpg contains zipped, password protected file 'h.pdf'
    J.jpg contains zipped, password protected file 'crypt.exe' - Password: Joshua
    K.jpg contains zipped, non-protected file 'n.zip.enc'


    Stripped out the zip data from the D.jpg & H.jpg files and have been running wordlists and some bruteforce
    upto 6 characters on them, but failing miserably..


    The n.zip.enc file is to be decrypted with the crypt.exe
    Code:
    crypt.exe -d n.zip.enc outout_file password
    You can also encrypt files using crypt.exe using -e switch to compare files.



    Hope OK to post this kind of thing here, thought it would be interesting to see what tools / methods
    others would use to try to identify the hidden content, this has been busting my balls :|
    Last edited by TAPE; 11-19-2012 at 05:56 AM.

  2. #2
    Just burned their ISO
    Join Date
    Nov 2012
    Posts
    1

    Default Re: Cyber Challenge from Dutch national security agency AIVD

    I've reached the same dead end. Brute forcing the remaining two zip files seems to be the only option, but that can take forever. I've tested every combination of small letters or capitalized words (only first letter capitalized) but no luck.

    Hunches
    J.zip was decrypted using the word "Joshua". This is also the nickname of the WOPR computer depicted in the image from the movie War Games.
    Perhaps the other passwords use the same logic. Perhaps they are names/nicknames of the actors depicted in the corresponding images. I've used CeWL (ruby script) to create a wordlist from both the IMDB and Wikipedia pages of all of the movies depicted. Then I used fcrackzip to test all of these words on the remaining zip files, but no luck.

    Clues
    Scouring the interwebs has resulted in a few cryptic clues. On twitter I found the following message:

    A/s/Donny, C/s/hair, D/z, F/s/Avid, H/z, J/z/Joshua, K/z #cyberchallenge

    J/z/Joshua could mean (filname)/(filetype)/(password)
    That being said, this would imply that A.jpg is password protected with "Donny" but I can't figure out what steganographic tool was used for the encrypting. If these passwords are correct, this means that the password logic is a name of a character from the movie screen shot. "Donny" from the Big Lebowski, Avid Shoewearer from Emporium, etc. No idea what "hair" means.

    Good luck and hope this helps!
    -K

  3. #3
    Very good friend of the forum TAPE's Avatar
    Join Date
    Jan 2010
    Location
    Europe
    Posts
    599

    Default Re: Cyber Challenge from Dutch national security agency AIVD

    Thanks for the reply !
    Interesting info on the possible stego passwords.
    I have also tried the usual suspects on stego ; steghide / jpseek, regrettably also to no avail.


    Am wondering whether the jpg data is somehow modified an requiring the mentioned data in F.jpg
    to decrypt it.. but really clutching at straws now !
    Looking at the hex of A.jpg shows some out of the ordinary blocks, but how that fits in is beyond me.

    It was hinted that the passwords should be related to either the film or the image of the film in some way.


    I also made lists with CeWL on all the pages I could find on the movies, but must be missing something..
    An IMDB link is in the comments of C.jpg so maybe have to revisit that again..

    Dammit.. this is going to drive me nuts, this is all waaaay out of my league but fun to play with !


    If you get any further, please post back and help save my sanity !

Similar Threads

  1. [artigo] - Cybersegurança e o U.S. Cyber Challenge
    By firebits in forum Duvidas Gerais
    Replies: 0
    Last Post: 04-27-2010, 01:18 PM
  2. NYS Cyber Security Confrence
    By webtrol in forum OLD General IT Discussion
    Replies: 3
    Last Post: 06-01-2009, 05:07 PM
  3. Dutch paper about cracking WEP using Backtrack
    By Gfyjj in forum OLD Newbie Area
    Replies: 0
    Last Post: 10-18-2008, 11:29 AM
  4. [Challenge] Testing the security of a server.
    By SirPuffy in forum OLD Pentesting
    Replies: 10
    Last Post: 06-05-2008, 07:25 PM
  5. dutch wordlists
    By amsterash in forum OLD Pentesting
    Replies: 6
    Last Post: 05-20-2008, 02:53 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •