you@chainsawcannon:/Blog/Riffhack-BMBI-Moon-Prism-Packet-Secrets/Information$
This was posted on June 21st, 2026 at 9:50PM EST
you@chainsawcannon:/Blog/Riffhack-BMBI-Moon-Prism-Packet-Secrets$
About The Challenge
"A late-night idol rehearsal leak includes one selfie and a whisper of intercepted packets. The photo looks harmless, but the gradient refuses to keep the guardians secret quiet"
CTF: RIFFHACK: Black Market Break-In
Difficulty: easy
Category: Forensics
The Challenge itself
The challenge for this CTF gave two files for download: an image that appears like this, and a pcap file.
Opening the moon_chat.pcap file in Wireshark shows an intercepted chat between two entities, Artemis and Luna. The chat reads as follows:
Artemis: "That idol selfie felt too heavy. Did you stash the intel?"
Luna: "Affirmative. Append the rehearsal diary after the MOONSHINE marker"
Artemis: "Go for it. Carve after the sentinel. Its still a ZIP."
Luna: "Remember, the instructions live only in this capture. Delete after listening"
So the files mention some sort of ZIP file and stashed intel, so I was safe to assume this was some form of steganography challenge and that the flag would be stored within the image itself. I found some tools for this courtesy of 0xrick and used them to my advantage. First, I looked within the image using exiftool on a Parrot Linux Security Edition virtual machine, which gave me these results in the terminal:
There was an indication of data being appended to this image, as shown by the warning above. Looking deeper for other tools, I decided to use Binwalk to look at the image for more indications.
The file received contains a ZIP file with diary_entry.txt. Binwalk can also be used to extract the data from this image, so using binwalk -e in my terminal resulted in the following text file being extracted:
"Dear Luna,
I slipped the rehearsal diary behind the MOONSHINE marker in the selfie, just like the idol manager asked. Anyone inspecting pixel data without carving tools should only see a pretty gradient.
Flag: bitctf{{m00n_pr15m_p4yl04d}}
Usagi"
There's the flag! This challenge was nice and was very simplistic to do, a nice warm-up for this CTF!
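The carve that binwalk -e performs here can also be done by hand, following the hint in the capture to carve after the MOONSHINE marker. This is an added example, not part of the original write-up: the function names carve_after_marker and build_sample are hypothetical, the input bytes are constructed, and it assumes the ZIP follows the first occurrence of the marker.

```python
import io
import zipfile

MARKER = b"MOONSHINE"             # sentinel named in the intercepted chat
ZIP_LOCAL_HEADER = b"PK\x03\x04"  # signature that starts a ZIP local file entry


def carve_after_marker(blob: bytes, marker: bytes = MARKER) -> dict[str, bytes]:
    """Return {member name: contents} for a ZIP appended after the marker."""
    # Use the FIRST occurrence: a stored (uncompressed) member may itself
    # contain the marker text, so searching from the end could land inside
    # the archive instead of in front of it.
    pos = blob.find(marker)
    if pos == -1:
        raise ValueError("marker not found; nothing to carve")
    tail = blob[pos + len(marker):]
    start = tail.find(ZIP_LOCAL_HEADER)
    if start == -1:
        raise ValueError("no ZIP local file header after the marker")
    payload = tail[start:]
    if not zipfile.is_zipfile(io.BytesIO(payload)):
        raise ValueError("data after the marker is not a complete ZIP archive")
    with zipfile.ZipFile(io.BytesIO(payload)) as zf:
        return {info.filename: zf.read(info) for info in zf.infolist()}


def build_sample() -> bytes:
    """Constructed stand-in for the challenge file: filler + marker + ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:  # default is ZIP_STORED (no compression)
        zf.writestr("diary_entry.txt",
                    "constructed sample: hidden behind the MOONSHINE marker\n")
    fake_pixels = bytes(range(256)) * 4    # placeholder bytes, not a real image
    return fake_pixels + MARKER + buf.getvalue()


if __name__ == "__main__":
    for name, data in carve_after_marker(build_sample()).items():
        print(name, len(data), "bytes")
```

On a real file, pass the image's raw bytes (for example from open(path, "rb").read()) instead of build_sample().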
