We are greeted with two challenge files: BAND.zip and m3ss@g#_f0r_pAuL. If we try to unzip the ZIP file, it asks for a password. Let me fire it up in fcrack and look at the txt file.
Looks like a simple subsitution cipher. Let me drop in Cryptii and see what I can find.
It looks like it's a Caesar Cipher with a -13 substitution. Funny thing is, if I switch back to my fcrack tab, it's already figured out that the password is 'pass'. Didn't really need to crack the message, but hey, it's good recognition practice XD So, we unzip BAND and are given a BAND.JPG (Dear God, why the CAPS?!?!) which is just a simple picture of one of the Beatles album covers (a silhouette of the Help! album cover if memory serves). Since we are in Stego, learn and love binwalk and stegsuite. You'll need them.
Binwalk gave us nothing useful, and steghide extract asks for a password, which we don't have yet. Unfortunately, this one takes a little bit of guesswork. The challenge is about the Beatles so let's start there with TheBeatles. That didn't work. I tried the beatles, The Beatles. thebeatles, The_Beatles, etc. Wait, the author apparently has a thing for CAPS so let's try THEBEATLES. BINGO!
An ELF file? Did this Stego turn into a Reversing? Let's run strings on it and see what happens.
Well that string looks interesting and looks like Base64. Let's decode it and see what John is saying.
$ echo 'VGhlIHRvdXIgd2FzIGNhbmNlbGVkIGZvciB0aGUgZm9sbG93aW5nIG1vbnRoLi4uIQ0KDQpJJ2xsIGdvIG91dCBmb3IgZGlubmVyIHdpdGggbXk
gZ2lybGZyaWVuZCBuYW1lZCBZb2NvISA7KQ0KDQpIVEJ7UzByUnlfTXlfRlIxM25EfQ0K' | base64 -d
The tour was canceled for the following month...!
I'll go out for dinner with my girlfriend named Yoco! ;)