Hey guys it’s your boy ouranos again , and today we will solve the challenges in the CC: Steganography room
[steghide]:
To extract the hidden message we need to use this command
┌─[ouranos@parrot]─[~/ctf/thm/ccsteg/spect]
└──╼ $steghide extract -sf jpeg1.jpeg
extract : extract data and put it in a file
-sf : select stego file
[zsteg]:
To find png1.png’s hidden message, and the payload used to encrypt it, you do not need to use any arguments with zsteg.
zsteg png1.png
[Exiftool]
To extract the document name we need to extract metadata using exiftool :
exiftool jpeg3.jpeg
[Stegoveritas]
To find jpeg2.jpeg’s hidden message we run the file as an argument into stegoveritas with no options specified.
┌─[ouranos@parrot]─[~/ctf/thm/ccsteg/spect]
└──╼ $stegoveritas jpeg2.jpeg
You can see that stegovertias found something using steghide and stored it in a bin file
[Spectrograms]
To find the hidden text in the included wav2 file we need to open the wav2.wav in sonic-visualiser
click Layer->Add Spectrogram and you should see the hideen message .
[The final exam]
deploy the machine and open the IP in the browser
— key 1 :
download the image
the first thing to do is get all metadata :
┌─[ouranos@parrot]─[~/ctf/thm/ccsteg/spect]
└──╼ $exiftool exam1.jpeg
we got a password , i think this password is for steghide
and we got the first key
— key2 :
In the second stage we got a wav file download it and open it in the sonic-visualiser and add a Spectrogram layer
the audio lead us to another png file :
i’ts a png so we gonna use the zsteg
and we got our second key
— key 3 :
in this challenge we have a damaged qr code
so we gonna use stegoveritas to change the colors of the qr code to be scannable
┌─[ouranos@parrot]─[~/ctf/thm/ccsteg]
└──╼ $stegoveritas qrcode.png
wait a while and check for the result and scan it then you will get the key
Thanks for reading , happy hacking :)
