Monday, March 2, 2015

PragyanCTF - Steganography - What you see is what you get.

This was my first time competing in the PragyanCTF and they did a great job. Each category had a variety of challenges with varying difficulty. Knowing this is a stego challenge, we should check whether there are embedded files within the jpeg they give us: stego_50.jpeg.

Using binwalk we can check for embedded files:

As we can see, there’s a zip archive file named “” within the jpeg file. With help from the dd tool, we can extract the zip file from our jpeg.

After running the extraction using binwalk/dd, we now have 2 files: and

Only one appears to be a zip archive, the other shows only as a data file.

Unzipping the archive with 7zip, we get a plaintext file, which contains a link to the steghide tool on SourceForge.

Using the cat command on the other file shows a plaintext string: Delta_Force\m/

Now we use the steghide tool to extract our file from the original stego_50.jpeg given to us at the beginning. Knowing that steghide will prompt us for a password, we tried the string Delta_Force\m/ and were successfully able to pull out a file: key_stego_1

Using the cat command on the key_stego_1, we receive our flag: PrAgyaNCTF_sTeg1_key.
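The binwalk/dd carving step above can also be done by hand. The following is an added example, not part of the original write-up: it scans a file for the ZIP local-file-header signature, cuts the archive out at its end-of-central-directory record, and validates it. The sample input is constructed in the script, and the names `carve_zip`, `build_sample` and `note.txt` are assumptions made for illustration.

```python
import io
import zipfile

ZIP_LOCAL_HEADER = b"PK\x03\x04"  # signature a scanner reports as ZIP archive data
ZIP_EOCD = b"PK\x05\x06"          # end-of-central-directory record (22 bytes + comment)

def find_zip_offsets(blob):
    """Return every offset where a ZIP local-file-header signature occurs."""
    offsets, pos = [], blob.find(ZIP_LOCAL_HEADER)
    while pos != -1:
        offsets.append(pos)
        pos = blob.find(ZIP_LOCAL_HEADER, pos + 1)
    return offsets

def carve_zip(blob):
    """Carve the first valid ZIP archive; return (offset, zip_bytes) or None."""
    for off in find_zip_offsets(blob):
        eocd = blob.find(ZIP_EOCD, off)
        if eocd == -1 or eocd + 22 > len(blob):
            continue  # signature without a complete end record: false positive
        comment_len = int.from_bytes(blob[eocd + 20:eocd + 22], "little")
        candidate = blob[off:eocd + 22 + comment_len]
        try:
            with zipfile.ZipFile(io.BytesIO(candidate)) as zf:
                if zf.testzip() is None:  # every member passes its CRC check
                    return off, candidate
        except zipfile.BadZipFile:
            continue
    return None

def build_sample():
    """Constructed sample: JPEG-like bytes, an appended ZIP, then extra data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "constructed sample content")
    jpeg_like = b"\xff\xd8\xff\xe0" + b"\x00" * 32 + b"\xff\xd9"
    return jpeg_like + buf.getvalue() + b"trailing-data"

if __name__ == "__main__":
    offset, archive = carve_zip(build_sample())
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        print(f"ZIP found at offset {offset}: {zf.namelist()}")
```

Anything left after the carved archive is worth inspecting separately, as with the second file in this challenge. ZIP64 archives are not handled by this sketch.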
