BTLO - Meta

Challenge: https://blueteamlabs.online/home/challenge/meta-b976cec9e2

Scenario

The attached images were posted by a criminal on the run, with the caption “I’m roaming free. You will never catch me”. We believe you can assist us in proving him wrong.

Q1

What is the camera model?

Recon

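For image forensics questions, the first instinct is to parse the files with exiftool and then work through the output to pull out the useful information, or to hand the output to ChatGPT and let it extract the answers.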

Exploit

$ sudo apt install exiftool -y
$ exiftool uploaded_1.JPG > uploaded1_exiftool.txt
$ exiftool uploaded_2.png > uploaded2_exiftool.txt

ChatGPT log

Flag: Canon EOS 550D

Q2

When was the picture taken?

Exploit

For this one too, just read the Create Date field in the parsed exiftool output.

Flag: 2021:11:02 13:20:23

Q3

What does the comment on the first image say?

Exploit

The answer is right there in the Comment field.

Flag: relying on altered metadata to catch me?
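
To show where the three fields read above sit inside a JPEG, here is an added example (not part of the original write-up and not exiftool's code) that walks the segment markers and the Exif IFDs by hand. It assumes Comment is the JPEG COM segment and Create Date is Exif tag 0x9004; the sample bytes are constructed from the values in this write-up, and the function names are hypothetical.

```python
import struct

TAGS = {0x0110: "Model", 0x9004: "CreateDate"}  # names as exiftool prints them
EXIF_IFD = 0x8769                               # pointer from IFD0 to the Exif sub-IFD

def read_ifd(tiff, off, e, out):
    """Collect the ASCII tags in TAGS from one IFD, following the Exif sub-IFD."""
    (count,) = struct.unpack_from(e + "H", tiff, off)
    for i in range(count):
        tag, typ, n, val = struct.unpack_from(e + "HHI4s", tiff, off + 2 + 12 * i)
        if tag == EXIF_IFD:
            read_ifd(tiff, struct.unpack(e + "I", val)[0], e, out)
        elif tag in TAGS and typ == 2:           # type 2 = ASCII
            if n > 4:                            # long values live at an offset
                start = struct.unpack(e + "I", val)[0]
                val = tiff[start:start + n]
            out[TAGS[tag]] = val[:n].rstrip(b"\x00").decode("ascii", "replace")

def jpeg_metadata(data):
    """Walk JPEG segments up to SOS; return COM text and selected Exif fields."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (no SOI marker)")
    out, pos = {}, 2
    while pos + 4 <= len(data) and data[pos] == 0xFF and data[pos + 1] != 0xDA:
        marker, length = data[pos + 1], struct.unpack_from(">H", data, pos + 2)[0]
        body = data[pos + 4:pos + 2 + length]
        if marker == 0xFE:                       # COM segment -> "Comment"
            out["Comment"] = body.decode("latin-1")
        elif marker == 0xE1 and body[:6] == b"Exif\x00\x00":
            tiff = body[6:]
            e = "<" if tiff[:2] == b"II" else ">"
            read_ifd(tiff, struct.unpack_from(e + "I", tiff, 4)[0], e, out)
        pos += 2 + length
    return out

def constructed_sample():
    """Constructed JPEG header (no image data) carrying the values found above."""
    model, date = b"Canon EOS 550D\x00", b"2021:11:02 13:20:23\x00"
    tiff = (b"II*\x00" + struct.pack("<IH", 8, 2)
            + struct.pack("<HHII", 0x0110, 2, len(model), 38)
            + struct.pack("<HHII", 0x8769, 4, 1, 54) + struct.pack("<I", 0)
            + model + b"\x00"                    # pad so the sub-IFD starts at 54
            + struct.pack("<HHHII", 1, 0x9004, 2, len(date), 72)
            + struct.pack("<I", 0) + date)
    seg = lambda m, b: bytes([0xFF, m]) + struct.pack(">H", len(b) + 2) + b
    return (b"\xff\xd8" + seg(0xE1, b"Exif\x00\x00" + tiff)
            + seg(0xFE, b"relying on altered metadata to catch me?") + b"\xff\xda")

if __name__ == "__main__":
    print(jpeg_metadata(constructed_sample()))
```

Every value here is a plain byte string that any editor can rewrite, which is the point of the comment in Q3: treat these fields as leads to corroborate, not as proof.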

Q4

Where could the criminal be?

Exploit

For this one, a reverse image search turns up a similar-looking building in Kathmandu.

Flag: Kathmandu