Hidden

Challenge:

I swear I had the flag a minute ago, but now it seems to be hidden somewhere…

Go back to level 3 and analyze the files of the challenges again. If you look hard enough, you can find an additional flag.

Solution:

Following the challenge instructions, I copied the images from level 3 and placed them in a directory:

$ ls -l1
beehive.png
caesarsmeme.jpg
sunshine.png
symbols.png

I first attempted to locate the flag as an embedded string in one of the images (strings * | grep -i he2021), which produced nothing. I then viewed hexdumps of the footers of each file to check if there was trailing data or embedded files and spotted odd characters in the sunshine.png file.

$ xxd sunshine.png
0011aac0: 2020 2020 207c 207c 2020 2020 2020 2020       | |        
0011aad0: 2020 2020 2f5f 2f20 2020 2020 2020 2020      /_/         
0011aae0: 2020 2020 0a7b 2274 696d 6573 7461 6d70      .{"timestamp
0011aaf0: 223a 2232 3032 312d 3034 2d30 3154 3138  ":"2021-04-01T18
0011ab00: 3a35 313a 3432 2e32 3835 2b30 303a 3030  :51:42.285+00:00
0011ab10: 222c 2273 7461 7475 7322 3a32 3030 2c22  ","status":200,"
0011ab20: 6572 726f 7222 3a22 4f4b 222c 226d 6573  error":"OK","mes
0011ab30: 7361 6765 223a 2222 2c22 7061 7468 223a  sage":"","path":
0011ab40: 222f 7265 7374 2f75 7365 722f 6368 616c  "/rest/user/chal
0011ab50: 6c65 6e67 652f 382f 6669 6c65 227d       lenge/8/file"}

I dumped the entire file with xxd and scrolled back to find the flag written as vertical ASCII art.

0011a000: 2020 2020 7c20 7c5f 5f20 2020 2020 2020      | |__       
0011a010: 2020 2020 7c20 275f 205c 2020 2020 2020      | '_ \      
0011a020: 2020 2020 7c20 7c20 7c20 7c20 2020 2020      | | | |     
0011a030: 2020 2020 7c5f 7c20 7c5f 7c20 2020 2020      |_| |_|     
0011a040: 2020 2020 2020 5f5f 5f20 2020 2020 2020        ___       
0011a050: 2020 2020 202f 205f 205c 2020 2020 2020       / _ \      
0011a060: 2020 2020 7c20 205f 5f2f 2020 2020 2020      |  __/      
0011a070: 2020 2020 205c 5f5f 5f7c 2020 2020 2020       \___|      
0011a080: 2020 2020 205f 5f5f 5f20 2020 2020 2020       ____       
0011a090: 2020 2020 7c5f 5f5f 205c 2020 2020 2020      |___ \      
0011a0a0: 2020 2020 2020 5f5f 2920 7c20 2020 2020        __) |     
0011a0b0: 2020 2020 202f 205f 5f2f 2020 2020 2020       / __/      
0011a0c0: 2020 2020 7c5f 5f5f 5f5f 7c20 2020 2020      |_____|     
0011a0d0: 2020 2020 2020 5f5f 5f20 2020 2020 2020        ___       
0011a0e0: 2020 2020 202f 205f 205c 2020 2020 2020       / _ \      
0011a0f0: 2020 2020 7c20 7c20 7c20 7c20 2020 2020      | | | |     
0011a100: 2020 2020 7c20 7c5f 7c20 7c20 2020 2020      | |_| |     
0011a110: 2020 2020 205c 5f5f 5f2f 2020 2020 2020       \___/      
0011a120: 2020 2020 205f 5f5f 5f20 2020 2020 2020       ____       
0011a130: 2020 2020 7c5f 5f5f 205c 2020 2020 2020      |___ \      
0011a140: 2020 2020 2020 5f5f 2920 7c20 2020 2020        __) |     
0011a150: 2020 2020 202f 205f 5f2f 2020 2020 2020       / __/      
0011a160: 2020 2020 7c5f 5f5f 5f5f 7c20 2020 2020      |_____|     
0011a170: 2020 2020 205f 2020 2020 2020 2020 2020       _          
0011a180: 2020 2020 2f20 7c20 2020 2020 2020 2020      / |         
0011a190: 2020 2020 7c20 7c20 2020 2020 2020 2020      | |         
0011a1a0: 2020 2020 7c20 7c20 2020 2020 2020 2020      | |         
0011a1b0: 2020 2020 7c5f 7c20 2020 2020 2020 2020      |_|         
0011a1c0: 2020 2020 2020 205f 5f20 2020 2020 2020         __       
0011a1d0: 2020 2020 2020 2f20 2f20 2020 2020 2020        / /       
0011a1e0: 2020 2020 207c 207c 2020 2020 2020 2020       | |        
0011a1f0: 2020 2020 3c20 3c20 2020 2020 2020 2020      < <         
0011a200: 2020 2020 207c 207c 2020 2020 2020 2020       | |        
0011a210: 2020 2020 2020 5c5f 5c20 2020 2020 2020        \_\   

The accepted flag was he2021{Wh0_is_scared_0f_h3xdump5?}
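
The footer check described above can be automated by walking the PNG chunk list and reporting any bytes that follow the IEND chunk. This is an added example, not part of the original write-up; it assumes the extra data sits after IEND, and the sample PNG and appended text are constructed for the demonstration.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialize one PNG chunk: length, type, body, CRC32 over type+body."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def png_trailing_data(data: bytes):
    """Walk the chunk list and return (offset, bytes) of data after IEND.
    Returns None when the file ends exactly at the IEND chunk.
    Raises ValueError on a bad signature, truncated chunk or CRC mismatch.
    """
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 12 <= len(data):
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        end = pos + 12 + length  # 4 length + 4 type + body + 4 CRC
        if end > len(data):
            raise ValueError(f"chunk {ctype!r} at {pos:#x} is truncated")
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if zlib.crc32(data[pos + 4:end - 4]) & 0xFFFFFFFF != crc:
            raise ValueError(f"CRC mismatch in chunk {ctype!r} at {pos:#x}")
        pos = end
        if ctype == b"IEND":
            return (pos, data[pos:]) if pos < len(data) else None
    raise ValueError("no IEND chunk found")


# Constructed sample: a minimal 1x1 grayscale PNG, then the same file with
# text appended after IEND (stand-in for the extra bytes seen in the hexdump).
IHDR = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
CLEAN_PNG = (PNG_SIGNATURE + _chunk(b"IHDR", IHDR)
             + _chunk(b"IDAT", zlib.compress(b"\x00\x00"))
             + _chunk(b"IEND", b""))
APPENDED = b"\n  | |__  \n{\"status\":200}"
TAMPERED_PNG = CLEAN_PNG + APPENDED

if __name__ == "__main__":
    print("clean:", png_trailing_data(CLEAN_PNG))
    offset, extra = png_trailing_data(TAMPERED_PNG)
    print(f"trailing data at {offset:#x}: {len(extra)} bytes")
```

The returned offset can be passed to xxd -s to jump straight to the appended region instead of scrolling through the whole dump.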
