binwalk -e <file> four times.
file command on it, I found it's just data.
strings command also found nothing as there were no noticeable file signatures. I have no idea how, but I remembered one of the HackTheBox machines I did a long time ago, in which the privilege escalation step would exploit the
video group of a low-privileged user. Hacktricks does a wonderful job explaining it, and in fact, they have a lot of great pentest tips and tricks.
ppt/slideMasters/hidden. Remove spaces and base64 decode it.
program.deb. Note that those two encrypted messages are simply ROT13 encrypted. ROT13 decryption gives:
steghide. It turns out that we could use the password
DUEDILIGENCE to extract the flag from
srch_strings from the sleuthkit and some terminal-fu to find a flag in this disk image: dds1-alpine.flag.img.gz
down-at-the-bottom.txt... Disk image: dds2-alpine.flag.img.gz