Room: The Impossible Challenge
Created by: 0day
Examining the page leaves us with what looks like a cipher.
The order to decode the hint:
The hint is: It’s inside the text, in front of your eyes.
Basic enumeration on the zip with
binwalk, etc only reveals it’s just a password protected zip containing a file
flag.txt. There must be more to the page. If I know one thing about tryhackme there’s a lot of steg challenges. Our hint is it’s in front of our eyes but what does that mean? Hmm maybe steg?
Like they say.. you don’t know what you don’t know. I was hitting a wall with this challenge and decided to start googling as a last ditch effort.
hide text 2 characters with spaces I get a suspicious first result. Upon further investigation I decided to go down this route.
Googling some more I found a lot of online js webapps, python libraries, and even chrome and firefox extensions regarding zero width character steganography.
After installing this chrome extension I noticed something interesting on the page. There are a few browser extensions I stumbled on. They are highlighted in the Null Byte article and the accompanying Cyber Weapons Lab Episode below.
After finding the hidden text on the page we get the password to the zip and can read flag.txt.
The_Hoid, a writer for Null Byte did a great job explaining this topic so I’ll leave you with his article and the Cyber Weapons Lab Episode.
Use Zero-Width Characters to Hide Secret Messages in Text (& Even Reveal Leaks) - Null Byte
This was a fun challenge from 0day. My key takeaway from this challenge is never under estimate googling like a five year old. At very least it could present a new topic that might be worth exploring to add to your knowledge or something to put in your notes to explore later. Enjoy hiding messages!