BTLO - Meta

Posted on 2024-01-31 | Post modified | In Security/Practice/BTLO/Digital Forensic |

BTLO - Meta

Challenge: https://blueteamlabs.online/home/challenge/meta-b976cec9e2

:::spoiler TOC [TOC] :::

Scenario

The attached images were posted by a criminal on the run, with the caption “I’m roaming free. You will never catch me”. We believe you can assist us in proving him wrong.

==Q1==

What is the camera model?

Recon

問有關圖片相關的forensics直覺就是利用exiftool幫忙parse其中的內容，之後再慢慢extract出有用的資訊，~~或是直接丟到chatgpt幫忙extract問題的答案~~

Exploit

$ sudo apt install exiftool -y
$ exiftool uploaded_1.JPG > uploaded1_exiftool.txt
$ exiftool uploaded_2.png > uploaded2_exiftool.txt

chatgpt紀錄

:::spoiler Flag Flag: Canon EOS 550D :::

==Q2==

When was the picture taken?

Exploit

這個也是直接看exiftool parse出的Create Date info就好

:::spoiler Flag Flag: 2021:11:02 13:20:23 :::

==Q3==

What does the comment on the first image says?

Exploit

直接看Comment的欄位就有了

:::spoiler Flag Flag: relying on altered metadata to catch me? :::

==Q4==

Where could the criminal be?

Exploit

這個直接以圖搜圖，就看到類似的建築物在加德滿都

:::spoiler Flag Flag: Kathmandu :::

Post author: SBK6401
Post link: https://bernie6401.github.io/security/practice/btlo/digital%20forensic/2024/01/31/BTLO-Meta/
Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.