The Impossible Challenge
Room: The Impossible Challenge
Created by: 0day
Decoding the cipher
Examining the page leaves us with what looks like a cipher.
The order to decode the hint:
The hint is: It’s inside the text, in front of your eyes.
Basic enumeration on the zip with
binwalk, etc only reveals it’s just a password protected zip containing a file
flag.txt. There must be more to the page. If I know one thing about tryhackme there’s a lot of steg challenges. Our hint is it’s in front of our eyes but what does that mean? Hmm maybe steg?
Unicode zero-width characters steg
Like they say.. you don’t know what you don’t know. I was hitting a wall with this challenge and decided to start googling as a last ditch effort.
hide text 2 characters with spaces I get a suspicious first result. Upon further investigation I decided to go down this route.
Googling some more I found a lot of online js webapps, python libraries, and even chrome and firefox extensions regarding zero width character steganography.
After installing this chrome extension I noticed something interesting on the page. There are a few browser extensions I stumbled on. They are highlighted in the Null Byte article and the accompanying Cyber Weapons Lab Episode below.
What I used to solve the challenge330k's webapp
After finding the hidden text on the page we get the password to the zip and can read flag.txt.
The_Hoid, a writer for Null Byte did a great job explaining this topic so I’ll leave you with his article and the Cyber Weapons Lab Episode.
Use Zero-Width Characters to Hide Secret Messages in Text (& Even Reveal Leaks) - Null Byte
This was a fun challenge from 0day. My key takeaway from this challenge is never under estimate googling like a five year old. At very least it could present a new topic that might be worth exploring to add to your knowledge or something to put in your notes to explore later. Enjoy hiding messages!