Behind the Curtain

Challenge:

This image was intercepted from Ghost Town. We think Donnell has hidden information here, but there doesn't seem to be anything special about the image. Can you help find the hidden information? Submit the flag as flag{this-is-the-flag}.

Link to Image
SHA1: 29141eea42be29f8fa28a9a1cc5e5118e63577b2

Solution:

During our standard workflow for file analysis we run binwalk to identify possible embedded files. For this challenge file we observe two JPEGs in the analysis:

$ binwalk steg01.jpg 

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             JPEG image data, JFIF standard 1.01
30            0x1E            TIFF image data, big-endian, offset of first image directory: 8
13266         0x33D2          JPEG image data, JFIF standard 1.01
13296         0x33F0          TIFF image data, big-endian, offset of first image directory: 8

We used foremost to extract the files and the second image contained the flag: