Results 1 to 3 of 3

Thread: Cyber Challenge from Dutch national security agency AIVD

Threaded View

  1. #1
    Very good friend of the forum TAPE's Avatar
    Join Date
    Jan 2010
    Location
    Europe
    Posts
    599

    Default Cyber Challenge from Dutch national security agency AIVD

    The AIVD put out a cyber challenge last Monday an it has been driving me nuts...

    https://www.aivd.nl/organisatie/eenh...ber-challenge/

    The cyber challenge files can be downloaded at the bottom of the page as a .zip file.

    https://www.aivd.nl/publish/pages/24..._challenge.zip


    The zip file contains 11 .jpg images.
    All images are of famous movies.
    A.jpg - The Big Lebowski
    B.jpg - Hellboy I
    C.jpg - Primer
    D.jpg - Wall-E
    E.jpg - Pi
    F.jpg - Mr Magorium's Wonder Emporium
    G.jpg - Office Space
    H.jpg - Star Wars (A New Hope?)
    I.jpg - Sneakers
    J.jpg - War Games
    K.jpg - A New Hope

    Have done stegdetect and stegbreak on the files without noticeable hidden content, although stegdetect
    gives some positives on jphide when using -s 2 after checks with hex editor I have since found
    that the expected originals of the photos (found online with google image search) appear to be identical and
    thus unlikely to contain stego content.. ?



    F.jpg does contain some data in the comment which reportedly is of interest.
    extracted with exiftool;
    Code:
    exiftool -b -Comment F.jpg > out_file
    80 97 7E 04 CC 01 00 00 CC 01 00 00 40 02 00 00
    4A 01 00 00 40 02 00 00 7C 05 00 00 EA 01 00 00
    EA 01 00 00 7C 05 00 00 80 0D 00 00 7C 05 00 00
    56 04 00 00 7C 05 00 00 80 0D 00 00 16 11 00 00
    B4 09 00 00 A6 08 00 00 A6 08 00 00 B4 09 00 00
    16 11 00 00 E4 18 00 00 3C 0C 00 00 20 0A 00 00
    B4 09 00 00 20 0A 00 00 3C 0C 00 00 E4 18 00 00
    BA 30 00 00 EE 11 00 00 14 0D 00 00 64 0B 00 00
    64 0B 00 00 14 0D 00 00 EE 11 00 00 BA 30 00 00
    3A 23 00 00 FC 12 00 00 8E 0E 00 00 4A 0D 00 00
    8E 0E 00 00 FC 12 00 00 3A 23 00 00 56 25 00 00
    18 15 00 00 16 11 00 00 16 11 00 00 18 15 00 00
    56 25 00 00 8E 29 00 00 E4 18 00 00 BA 15 00 00
    E4 18 00 00 8E 29 00 00 BA 30 00 00 A4 1F 00 00
    A4 1F 00 00 BA 30 00 00 3A 3E 00 00 FC 2D 00 00
    3A 3E 00 00 48 5A 00 00 48 5A 00 00 30 B1 00
    This same information I also found in image when searching for comparisons online,
    so am not sure how this information is relevant, but following comments from
    the anonymous hint-giver it is..(comment from saterday 17-11-2012 23:37)
    http://www.security.nl/artikel/43891...challenge.html.



    D.jpg contains zipped, password protected file 'b.pdf'
    H.jpg contains zipped, password protected file 'h.pdf'
    J.jpg contains zipped, password protected file 'crypt.exe' - Password: Joshua
    K.jpg contains zipped, non-protected file 'n.zip.enc'


    Stripped out the zip data from the D.jpg & H.jpg files and have been running wordlists and some bruteforce
    upto 6 characters on them, but failing miserably..


    The n.zip.enc file is to be decrypted with the crypt.exe
    Code:
    crypt.exe -d n.zip.enc outout_file password
    You can also encrypt files using crypt.exe using -e switch to compare files.



    Hope OK to post this kind of thing here, thought it would be interesting to see what tools / methods
    others would use to try to identify the hidden content, this has been busting my balls :|
    Last edited by TAPE; 11-19-2012 at 05:56 AM.

Similar Threads

  1. [artigo] - Cybersegurança e o U.S. Cyber Challenge
    By firebits in forum Duvidas Gerais
    Replies: 0
    Last Post: 04-27-2010, 01:18 PM
  2. NYS Cyber Security Confrence
    By webtrol in forum OLD General IT Discussion
    Replies: 3
    Last Post: 06-01-2009, 05:07 PM
  3. Dutch paper about cracking WEP using Backtrack
    By Gfyjj in forum OLD Newbie Area
    Replies: 0
    Last Post: 10-18-2008, 11:29 AM
  4. [Challenge] Testing the security of a server.
    By SirPuffy in forum OLD Pentesting
    Replies: 10
    Last Post: 06-05-2008, 07:25 PM
  5. dutch wordlists
    By amsterash in forum OLD Pentesting
    Replies: 6
    Last Post: 05-20-2008, 02:53 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •