Level 10 has obviously hidden the flag in the sound, but how can we retrieve it?

What kind of sound is this? Sorcery perhaps??

Just like what we have done for the previous levels which require us to analyze a file (e.g. exe, pcap), let’s download the “Flag.wav” file.

Since this is an audio file, you need to use an audio editor software to analyze it. One of the most popular audio editor tool in the market is Audacity. It is a free software that have been in the market for many years, I think I first came across this tool over 10 years ago! Back then, I used this tool to crop ring tones for my mobile phone.

Audacity is very simple to use. You just need to drag and drop the “Flag.wav” file into Audacity to open it. When asked to make a copy or read the files directly, you can choose to make a copy, it doesn’t really matter in our case.

If you have played the audio, you will know that it is basically a very short high-pitch sound. As the program is able to identify/analyse the hertz of the audio file, you will see that it is currently 44,100 Hz. Let’s reduce it to 8000 Hz. Better now? I bet you could already hear something.

To make it even better, you can select on the menu bar, “Effect > Amplify…” to increase the volume of the file. After doing so, you will hear the voice, letter-by-letter, spelling the flag – “infosec_flagis_sound”

Back to write-up list for InfoSec Institute CTF #1: Hacking for n00bz