So we came 1st in this CTF :). The weekend was pretty exciting for us actually. So I liked some challenges in the CTF hence the writeup.


Challenge Description

BTW, I got First Blood in this Challenge 🙂


First I’d like to thank my teammate Nihith (@NihithNihi) for helping in this challenge 🙂

So as I understood later, the description does have a big role to play in solving the challenge. Okay, let’s start.

We first download the following file Output.png but the file size is 9.2MB which was a little suspicious to me. So I went through the hex dump of the file and saw the header of another PNG 🙂

After IEND of the 1st PNG, the header of the next PNG starts. You can extract that using “dd”.

So I extracted it out and got the following image (also note that the image you get after extracting is corrupted. Change the header from “82” to “89”).
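The same carve-and-repair step as a script, added here as an illustration and not part of the original writeup: it walks the PNG chunk list to find where IEND really ends (rather than searching for the bytes "IEND", which can occur inside image data), returns whatever was appended, and restores a damaged first signature byte. The function names and the two 1x1 sample images are constructed for this example; they are not the challenge file.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def chunk(ctype, data):
    """Build one PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def tiny_png(gray):
    """Constructed 1x1 8-bit grayscale PNG used only as sample input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(bytes([0, gray]))  # filter byte + one pixel
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")

def end_of_png(buf):
    """Walk the chunks and return the offset just past the IEND chunk's CRC."""
    if buf[:8] != PNG_SIG:
        raise ValueError("not a PNG")
    pos = 8
    while pos + 12 <= len(buf):
        length, ctype = struct.unpack(">I4s", buf[pos:pos + 8])
        pos += 12 + length  # 4 length + 4 type + data + 4 CRC
        if pos > len(buf):
            raise ValueError("truncated chunk")
        if ctype == b"IEND":
            return pos
    raise ValueError("no IEND chunk found")

def carve_trailing_png(buf):
    """Return the data appended after IEND, repairing a bad first signature byte."""
    tail = buf[end_of_png(buf):]
    # Bytes 1..7 match the PNG signature but byte 0 does not (e.g. 0x82 vs 0x89).
    if tail[1:8] == PNG_SIG[1:] and tail[:1] != PNG_SIG[:1]:
        tail = PNG_SIG[:1] + tail[1:]
    return tail

# Constructed sample: an outer PNG followed by a second PNG whose first byte is 0x82.
inner = tiny_png(200)
sample = tiny_png(10) + b"\x82" + inner[1:]

if __name__ == "__main__":
    off = end_of_png(sample)
    print("outer PNG ends at offset", off, "- trailing bytes:", len(sample) - off)
    print("repaired inner signature:", carve_trailing_png(sample)[:8])
```

The offset returned by `end_of_png` is the value to give `dd` as `skip=` when using `bs=1`.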


There is a big clue in the image: BLUE STEGO. So I instantly googled for any GitHub repo or tool with the name bluestego. And I found this link:

This tool was needed to get the flag but it also requires a key. Where do we find a key??

So I tried some more tools on the same image and when using stegsolve (RED plane 0), I found a QR code hidden in the image.

Scanning the QR, we get the following link:

So after visiting the website, I searched around for a lot of time but I didn’t know what I was looking for. Finally, the word “DIFF” (Danang International Fireworks Festival) looked like a suitable acronym to be used as the key for the bluestego tool. Yes, I was right! DIFF is the key.

Yes, then we got the flag and that too a First Blood.



Yay!! The flag is ISITDTU{D4N4NG_1S_MY_L0V3}

