https://app.hackthebox.com/challenges/14

Description

We have intercepted an email sent by a terrorist cell. It contains only an image. Can you compare the modified image to its original and see if it has any meaning?

Exploitation

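Diff the two images pixel by pixel. The idea is an XOR; the script below uses numpy's subtraction instead, which on 8-bit channels wraps modulo 256 and leaves the same least-significant bits as an XOR would: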

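#!/usr/bin/env python3
import numpy as np
from PIL import Image

def main():
    # Load both PNGs as arrays; they must have the same size and mode.
    intercepted = np.array(Image.open('intercepted.png'))
    original = np.array(Image.open('original.png'))
    # On uint8 arrays the subtraction wraps modulo 256, so the low bit of
    # each result equals the XOR of the two inputs' low bits.
    result = np.subtract(intercepted, original)
    Image.fromarray(result).save('result.png')

if __name__ == '__main__':
    main()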

Then run zsteg on the result, pick the b1,b,lsb,yx line, and base64-decode the string it reports:

zsteg -a result.png | grep "b1,b,lsb,yx" | cut -d ":" -f2 | tr -d ' "' | head -n1 | base64 -d
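
What the zsteg channel name `b1,b,lsb,yx` selects, done by hand, as an added example that is not part of the original write-up. It assumes the usual reading of that name (1 bit per pixel, blue channel, pixels visited column by column, bits packed most-significant first); the function names and the 16x16 sample data are constructed for illustration. Pixels are indexed as arr[y][x][channel], so the numpy arrays from the script above work as well as nested lists.

```python
import base64
import string

B64 = set((string.ascii_letters + string.digits + "+/=").encode())

# Assumed reading of b1,b,lsb,yx: 1 bit, blue channel, column-major, MSB-first bytes.
def blue_lsb_bits_yx(intercepted, original):
    """Blue-channel LSB of (intercepted XOR original), read column by column."""
    h, w = len(original), len(original[0])
    if len(intercepted) != h or len(intercepted[0]) != w:
        raise ValueError("image sizes differ; a pixel-wise diff is meaningless")
    for x in range(w):              # "yx": y is the fastest-moving index
        for y in range(h):
            yield (int(intercepted[y][x][2]) ^ int(original[y][x][2])) & 1

def extract_payload(intercepted, original):
    """Pack bits MSB-first, keep the leading base64 run, decode it."""
    raw, byte = bytearray(), 0
    for i, bit in enumerate(blue_lsb_bits_yx(intercepted, original), 1):
        byte = (byte << 1) | bit
        if i % 8 == 0:
            raw.append(byte)
            byte = 0
    run = bytearray()
    for b in raw:
        if b not in B64:            # the payload ends at the first non-base64 byte
            break
        run.append(b)
    return base64.b64decode(bytes(run[:len(run) - len(run) % 4]))

def embed_sample(original, message):
    """Constructed test data: flip blue LSBs, column by column, per payload bit."""
    bits = [(c >> s) & 1 for c in base64.b64encode(message) for s in range(7, -1, -1)]
    h = len(original)
    out = [[list(px) for px in row] for row in original]
    for i, bit in enumerate(bits):
        x, y = divmod(i, h)
        out[y][x][2] ^= bit
    return out

# Constructed 16x16 RGB "images" as nested lists (arr[y][x][channel]).
SAMPLE_ORIGINAL = [[[(7 * x + 13 * y) % 256, (3 * x + y) % 256, (11 * x + 5 * y) % 256]
                    for x in range(16)] for y in range(16)]
SAMPLE_INTERCEPTED = embed_sample(SAMPLE_ORIGINAL, b"constructed-demo")

if __name__ == "__main__":
    print(extract_payload(SAMPLE_INTERCEPTED, SAMPLE_ORIGINAL))
```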

Summary

BitsNBytes: script the pixel-wise diff of the two images, then take the shortest reliable path to the flag: zsteg on the diff and a base64 decode of the b1,b,lsb,yx string.