Monday, March 2, 2015

PragyanCTF - Steganography - What you see is what you get.

This was my first time competing in the PragyanCTF and they did a great job. Each category had a variety of challenges with varying difficulty. Since this is a stego challenge, we should first check whether there are embedded files within the JPEG they give us: stego_50.jpeg.


Using binwalk we can check for embedded files:



As we can see, there’s a zip archive named “usethis.zip” within the JPEG file. With help from the dd tool, we can extract the zip file from our JPEG.


After running the extraction using binwalk/dd, we now have 2 files: usethis.zip and 29E0.zip.


Only one appears to be a zip archive; the other shows only as a data file.
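The signature scan and carve that binwalk and dd perform in the steps above, as an added Python example (not part of the original post): it finds ZIP local-file-header signatures in a file, cuts from that offset through the end-of-central-directory record, and checks that the result opens as an archive. The stub JPEG, the member name note.txt and all function names are constructed for illustration.

```python
import io
import struct
import zipfile

ZIP_LOCAL = b"PK\x03\x04"  # ZIP local file header signature
ZIP_EOCD = b"PK\x05\x06"   # ZIP end-of-central-directory signature
EOCD_FIXED_LEN = 22        # EOCD size without the trailing comment

def find_zip_offsets(data):
    """Return every offset where a ZIP local file header signature appears."""
    offsets, pos = [], data.find(ZIP_LOCAL)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(ZIP_LOCAL, pos + 1)
    return offsets

def carve_zip(data, start):
    """Cut data[start:] at the end of the last EOCD record (the dd skip/count step)."""
    eocd = data.rfind(ZIP_EOCD)
    if eocd < start or eocd + EOCD_FIXED_LEN > len(data):
        return None  # no complete EOCD after the header: not a whole archive
    comment_len = struct.unpack_from("<H", data, eocd + 20)[0]
    return data[start:eocd + EOCD_FIXED_LEN + comment_len]

def list_members(blob):
    """Return member names if the carved blob is a valid ZIP, else an empty list."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []

def build_sample():
    """Constructed sample: a stub JPEG (SOI ... EOI) with a ZIP appended after it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "constructed placeholder content\n")
    jpeg_stub = b"\xff\xd8\xff\xe0" + b"\x00" * 32 + b"\xff\xd9"
    return jpeg_stub + buf.getvalue()

if __name__ == "__main__":
    sample = build_sample()
    for off in find_zip_offsets(sample):
        blob = carve_zip(sample, off)
        print(hex(off), list_members(blob) if blob else "incomplete archive")
```

A signature hit alone can be a false positive inside compressed image data, which is why the carved bytes are opened as an archive before being trusted.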


Unzipping the archive with 7zip, we get a plaintext file, which contains a link to the steghide tool on SourceForge.


Using the cat command on the other file shows a plaintext string: Delta_Force\m/


Now we use the steghide tool to extract our file from the original stego_50.jpeg given to us at the beginning. Knowing that steghide will prompt us for a password, we tried the string Delta_Force\m/ and were successfully able to pull out a file: key_stego_1


Using the cat command on key_stego_1, we receive our flag: PrAgyaNCTF_sTeg1_key.
