Post cover image

June 2, 2026

CTF Writeup: GHOST

Category: Steganography / Forensics Difficulty: Medium Challenge Image: ghost.png

Cybersensei-EH

2 min read

DESCRIPTION:

I am Omari, famous actor for the goated series known as Power book. I actually need your help, my image has been circulating and my friend at the FBI told be that I might be in trouble since terrorists are using my image to transfer some sensitive information about their attacks. Help me and get that important information and I will offer you some good quality reward as a flag for your needs. Please help me, thank you in advance.

Initial Reconnaissance (The Decoys)

The first step in any steganography challenge is to check for low-hanging fruit.

None

Checking Metadata: Running exiftool ghost.png reveals a comment:

Comment: flag{metadata_is_too_obvious_try_harder}
None

Result: FAKE FLAG. This is a red herring designed to distract beginners.

Checking Strings: Running strings ghost.png | grep "flag{" reveals two more signatures:

None

Result: FAKE FLAGS. These were appended to the binary to trick automated scripts.

FINDING WHAT IS THE REAL DEAL

Since the visible text is fake, we check if other files are embedded inside the PNG using binwalk.

None

There is an encrypted ZIP archive at the end of the image. We extract it using: "binwalk -e ghost.png"

None None

Upon trying to unzip the zip file, we cannot do so. The system prompts for a password. All passwords and common once tried dont work. bruteforcing still doesnt work, the password seems to be too strong.

Deep Visual Analysis

To find the password, we use Aperisolve, a tool that specializes in viewing an image's "Bit Planes."

  • Upload ghost.png to Aperisolve.com.
  • The "Strings" and "Exif" tabs confirm the fake flags we already found.
  • Scroll down to the Bit Viewers.

The Discovery: In the Blue Plane 0 (or Red Plane 0) image, the "noise" of the dark background disappears. Because the creator used a color difference of only 1 hex value (e.g., #000000 vs #000001), the text is invisible to the human eye but becomes high-contrast in this specific bit plane.

The hidden password is revealed: Ghost_never_dies_sensei

final phase

unzip 727A8.zip then enter the password above