# picoCTF: Hidden in Plainsight Writeup
Hidden in plainsight
exiftool img.jpgBelow is the result of the command.
…/forensics/hidden-in-plainsights ❯ exiftool img.jpgExifTool Version Number : 13.36File Name : img.jpgDirectory : .File Size : 73 kBFile Modification Date/Time : 2025:10:27 20:54:44+08:00File Access Date/Time : 2025:10:27 20:59:18+08:00File Inode Change Date/Time : 2025:10:27 20:55:25+08:00File Permissions : -rw-r--r--File Type : JPEGFile Type Extension : jpgMIME Type : image/jpegJFIF Version : 1.01Resolution Unit : NoneX Resolution : 1Y Resolution : 1Comment : c3RlZ2hpZGU6Y0VGNmVuZHZjbVE9Image Width : 640Image Height : 640Encoding Process : Baseline DCT, Huffman codingBits Per Sample : 8Color Components : 3Y Cb Cr Sub Sampling : YCbCr4:2:0 (2 2)Image Size : 640x640Megapixels : 0.410As you can see in the comment, there’s a weird looking string. I would assume it is a base64 encoded string. So I try to decode the string using below command.
echo "c3RlZ2hpZGU6Y0VGNmVuZHZjbVE9" | base64 --decodeOutput = steghide:cEF6endvcmQ=
There’s another clue given there, steghide, that means we need to use steghide tool to solve this challenge, but first let’s decode the base64 string given. I would assume that’s the password to be used with steghide.
echo "cEF6endvcmQ=" | base64 --decodeOutput = pAzzword
Now that we know what tool to use and the password, we can move on to the next step.
steghide --extract -sf img.jpg -p pAzzwordOutput = wrote extracted data to "flag.txt".
I run ls to list all available files inside my directory, and yes there’s a new file created named flag.txt
Next just run cat command to print the content of the text file
cat flag.txtOutput = picoCTF{h1dd3n_1n_1m4g3_1c55ccd0}
Voila!
