picoCTF Forensics Guide

here's how to solve Glory of the Garden

Back to the Forensics Guides

Glory of the Garden

Name: Glory of the Garden
Description: This garden contains more than it seems.
Author: jedavis/Danny
Tags: Easy, Forensics, picoCTF 2019
Challenge from: picoCTF 2019
Files: garden.jpg
Hints:
1. What is a hex editor?

Theory

According to the description, we're gonna look through an image of a garden probably the metadata, but not really sure. Although if we look at the only hint, it seems we'll use a hex editor, so maybe the flag is somewhere inside the file, and I don't think it'll be in the metadata since they didn't mention anything about it.

Solution

Let's download the file and unzip it:

shukularuni-picoctf@webshell:~$ wget https://jupiter.challenges.picoctf.org/static/d0e1ffb10fc0017c6a82c57900f3ffe3/garden.jpg
--2025-04-26 16:53:52--  https://jupiter.challenges.picoctf.org/static/d0e1ffb10fc0017c6a82c57900f3ffe3/garden.jpg
Resolving jupiter.challenges.picoctf.org (jupiter.challenges.picoctf.org)... 3.131.60.8
Connecting to jupiter.challenges.picoctf.org (jupiter.challenges.picoctf.org)|3.131.60.8|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2295192 (2.2M) [application/octet-stream]
Saving to: 'garden.jpg'

garden.jpg                                                          100%[=================================================================================================================================================================>]   2.19M  1.84MB/s    in 1.2s    

2025-04-26 16:53:53 (1.84 MB/s) - 'garden.jpg' saved [2295192/2295192]

shukularuni-picoctf@webshell:~$ ls
QuickSFV.exe  README.txt  garden.jpg  links

shukularuni-picoctf@webshell:~$ exiftool garden.jpg 
ExifTool Version Number         : 12.40
File Name                       : garden.jpg
Directory                       : .
File Size                       : 2.2 MiB
...

Nope, doesn't seem to be anything useful in the metadata as I thought in the theory. Let's try and rean the hex with xxd:

shukularuni-picoctf@webshell:~$ xxd garden.jpg | less

Or maybe not, because the image is 2.2 megabytes, and scrolling through all that will take some time. So instead let's just search for the flag format by just piping it to grep:

shukularuni-picoctf@webshell:~$ xxd garden.jpg | grep "picoCTF{"

Nothing? That's weird, maybe not xxd, let's just take the entire file and give it to grep:

shukularuni-picoctf@webshell:~$ cat garden.jpg | grep "picoCTF{"
grep: (standard input): binary file matches

Wait, no. I'm so dumb, I just remembered we can't really search through the binary of the image, if we need to search text, we have to search THROUGH text. So we'll get all the strings of the file and then search for it. That should do it:

shukularuni-picoctf@webshell:~$ strings garden.jpg | grep "picoCTF{"
Here is a flag "picoCTF{more_than_m33ts_the_3y3eBdBd2cc}"

There we go! That's the flag.

I rated this level as "good"! :3

https://play.picoctf.org/practice/challenge/408

Explore My Website