We’ve got a case of industrial espionage, quite an unusual one at that. An international building contractor, Hamilton-Lowe, has written to us that they are having their private client contracts leaked.
After conducting initial incident response, they managed to find a hidden directory on one of their public-facing web servers. However, the strange thing is, instead of having any sensitive documents, it was full of mp3 music files.
This is a serious affair as Hamilton-Lowe constructs facilities for high-profile clients such as the military, which means having building schematics leaked from them could lead to a lapse in national security.
We have attached one of these mp3 files. Can you examine it and see if there is any hidden information inside?
So looking at the mp3 file, I ran a quick binwalk to see if there are any hidden files. It turns out there is a compressed zip folder containing a .wav file.
On further examination of the .wav file using the strings command, we see that there is a flag.png hidden in the file.
Now running binwalk on the .wav file and attempting to extract the image, we are stopped by a password.
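The two binwalk steps above come down to spotting ZIP local file headers inside a media file and reading their flags, which also shows in advance that an entry will need a password. The sketch below is an added example, not part of the original write-up: the function names are hypothetical, the carrier bytes are constructed, and it assumes the standard ZIP layout in which bit 0 of the general-purpose flags marks an encrypted entry.

```python
import struct

SIG = b"PK\x03\x04"                    # ZIP local file header signature
HDR = struct.Struct("<4sHHHHHIIIHH")   # 30-byte fixed part of that header

def find_embedded_zips(data: bytes):
    """Return one dict per ZIP local file header found anywhere in data."""
    hits, pos = [], data.find(SIG)
    while pos != -1:
        if pos + HDR.size <= len(data):
            (_sig, _ver, flags, method, _time, _date, _crc, csize, _usize,
             name_len, _extra_len) = HDR.unpack_from(data, pos)
            name = data[pos + HDR.size: pos + HDR.size + name_len]
            hits.append({
                "offset": pos,
                "name": name.decode("cp437", "replace"),
                "encrypted": bool(flags & 0x1),   # general-purpose bit 0
                "method": method,                 # 0 = stored, 8 = deflate
                "compressed_size": csize,
            })
        pos = data.find(SIG, pos + 1)
    return hits

def _local_entry(name: bytes, payload: bytes, encrypted: bool) -> bytes:
    """Constructed test data: one stored entry, no central directory."""
    flags = 0x1 if encrypted else 0
    return HDR.pack(SIG, 20, flags, 0, 0, 0, 0, len(payload), len(payload),
                    len(name), 0) + name + payload

def build_sample() -> bytes:
    # Constructed carrier: fake ID3 tag plus padding, then appended entries.
    # (In the challenge the entries sit in two nested files; one is used here.)
    carrier = b"ID3\x03\x00\x00" + b"\x00" * 58
    return (carrier
            + _local_entry(b"song.wav", b"RIFF....WAVE", False)
            + _local_entry(b"flag.png", b"\x00" * 16, True))

if __name__ == "__main__":
    for hit in find_embedded_zips(build_sample()):
        print(hit)
```

Run against web-server content, any hit in a file whose extension says audio or image is worth a closer look, since a media player ignores the appended data.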
Looking further into the .wav file, we don’t find anything interesting. So now we look at a wav spectrum analyzer to see if we can get anything.
We see that the password was hidden here the whole time: Shad0ws
Extracting the flag.png will give us our flag: