Name: Da Vinci
Hint: Try to find out the secret which is hiding inside of these pictures and learn the truth about Mona Lisa!
Base Points: Easy - Retired [0]
Rated Difficulty:
Creator: nickvourd

We are presented with three files:


Looking at the title of the last picture and the picture itself, we can guess that the password is TOM.

   $ steghide extract -sf Thepassword_is_the_small_name_of_the_actor_named_Hanks.jpg
   Enter passphrase: TOM
   wrote extracted data to "S3cr3t_m3ss@g3.txt"
   $ cat S3cr3t_m3ss@g3.txt 
   Hey Filippos,
   This is my secret key for our folder.... (key:020e60c6a84db8c5d4c2d56a4e4fe082)
   I used an encryption with 32 characters. hehehehehe! No one will find it! ;)
   Decrypt it... It's easy for you right?
   Don't share it with anyone...plz!

   if you are reading that, call me!
   I need your advice for my new CTF challenge!


So, we have what looks like an MD5 hash (32 hex characters): '020e60c6a84db8c5d4c2d56a4e4fe082'. Let's throw it into CrackStation and see what happens.

So, the MD5 hash cracks to 'leonardo'. Let's examine the monalisa.jpg file next with strings. The final two entries of that strings output are what we need:


Running strings against Plans.jpg, we get https://www.youtube.com/watch?v=jc1Nfx4c5LQ

Now that we know there are 2 files inside the Mona Lisa, let's run binwalk on it. Sure enough, there's more than meets the eye.

   $ binwalk -e monalisa.jpg

   0             0x0             JPEG image data, JFIF standard 1.01
   450363        0x6DF3B         Zip archive data, at least v2.0 to extract, uncompressed size: 117958, name: famous.zip
   450440        0x6DF88         Zip archive data, encrypted at least v2.0 to extract, compressed size: 117776, uncompressed size: 122869, name: Mona.jpg
   568411        0x8AC5B         End of Zip archive, footer length: 22
   568537        0x8ACD9         End of Zip archive, footer length: 22
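
Those two "Zip archive data" lines come from ZIP local file header signatures found past the JPEG data, and the "encrypted" note reflects bit 0 of the header's flags field. The Python sketch below is an added example, not part of the original writeup: it runs the same kind of signature scan over a constructed stand-in for monalisa.jpg (the function names and sample bytes are assumptions made for illustration).

```python
import io
import struct
import zipfile

LOCAL_SIG = b"PK\x03\x04"                  # ZIP local file header magic
HEADER = struct.Struct("<4sHHHHHIIIHH")    # fixed 30-byte local file header


def scan_zip_headers(data):
    """List every ZIP local file header in data, wherever it sits."""
    found = []
    pos = data.find(LOCAL_SIG)
    while pos != -1:
        if pos + HEADER.size <= len(data):
            (_, version, flags, _method, _time, _date, _crc,
             csize, usize, name_len, _extra_len) = HEADER.unpack_from(data, pos)
            name = data[pos + 30:pos + 30 + name_len].decode("utf-8", "replace")
            found.append({
                "offset": pos,
                "name": name,
                "version_needed": version / 10,   # 20 -> "v2.0"
                "encrypted": bool(flags & 0x1),   # general-purpose flag bit 0
                "compressed": csize,
                "uncompressed": usize,
            })
        pos = data.find(LOCAL_SIG, pos + 1)
    return found


def build_sample():
    """Constructed stand-in for monalisa.jpg: JPEG bytes + stored famous.zip."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_STORED) as z:
        z.writestr("Mona.jpg", b"\xff\xd8 constructed image bytes \xff\xd9")
    inner_bytes = bytearray(inner.getvalue())
    inner_bytes[6] |= 0x01   # zipfile cannot encrypt; set the flag bit by hand
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_STORED) as z:
        z.writestr("famous.zip", bytes(inner_bytes))
    fake_jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 60 + b"\xff\xd9"
    return fake_jpeg + outer.getvalue()


if __name__ == "__main__":
    for hit in scan_zip_headers(build_sample()):
        print(hex(hit["offset"]), hit)
```

Because famous.zip is stored uncompressed in the outer archive, the inner Mona.jpg header stays visible to a flat scan, which is why both entries show up in one pass.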

This pops out the famous.zip file. Unzip it with the leonardo password and we are met with Mona Lisa with duckface and a cell phone (commentary on the current socio-political climate?). Running steghide against the new Mona.jpg prompts for a passphrase. TOM and leonardo didn't work, so let's try the name of that YouTube video: 'Guernica'. Success! Base64-decode the result and we're done!

    $ steghide extract -sf Mona.jpg
    Enter passphrase: Guernica
    wrote extracted data to "key".

    $ cat key
    $ echo 'U0ZSQ2UwMHdia0JmVERGNlFGOGhjMTlFTTBCRWZRPT0=' | base64 -d
    $ echo 'SFRCe00wbkBfTDF6QF8hc19EM0BEfQ==' | base64 -d

With those Base64 Decodes finished, so is this challenge.  Onwards and Upwards!