Some CTF challenges require analysis of images for colors, space, hidden words, etc.
GIMP is an image manipulation and paint program. If you are given two images and it appears that you need to lay them on top of each other to find the flag, use GIMP and change the opacity. GIMP can also remove layers of images so you can see the ones that are placed on top of each other.
pngcheck examines a PNG file for possible flags or other hidden information. Information about the tool can be found here
For many steganography challenges, the flags are hidden within the metadata.
stegoVeritas is a catch-all tool for stego that runs a combination of the various tools below. It can be downloaded from GitHub: https://github.com/bannsec/stegoVeritas.
Another stego tool that must be installed using Ruby.
Exiftool is a great command-line tool for reading metadata from a file. It can also adjust information within the metadata of a file, such as create time and modify time.
Strings prints the printable characters within a file, no matter the file. This command is also helpful for forensics and reverse engineering challenges.
Identify is a command that prints characteristics of an image file. The verbose flag outputs important metadata for CTFs.
Stegsnow is a great command to find information in the whitespace of an image.
The file command reports the type of the file provided. It examines the header data of a file and returns the file type.
Bless is a graphical file editor that allows you to change the file itself, such as the magic number, header data, boot location, etc.
Some CTF challenges provide Office products like Excel, Word, or PowerPoint. Often, the office product contains a
Examine Microsoft Office documents for macros using olevba, a script that parses OLE and OpenXML files such as MS Office documents to extract VBA macro code in clear text, and to deobfuscate and analyze malicious macros.
Command: olevba location_of_file
Examine OLE files by searching for streams of data within Office files that could hold malicious macros.
PDFs have some interesting stego challenges.
A tool that can identify fundamental elements of PDFs.
pdf-parser.py --filter --raw --object 237 ouch.pdf
pdf-parser.py --filter --raw --type /Filespec ouch.pdf
pdf-parser.py ouch.pdf --filter --raw --object 235 -d ouch_embedded.txt
A tool to test a PDF file; it looks for PDF keywords within the file.
A tool to look at specific objects and object streams within possibly malicious PDFs.
A tool that lets you walk through a PDF via a GUI, most likely used on a Windows machine to inspect a PDF.
A tool that can be used on the command line to find the metadata of a PDF.