Hack The Box Retired Stego Challenges

Mohamed Salah
6 min read, Apr 28, 2020

Hello Stego Lovers,
This is a write-up for some of the HTB retired Stego challenges whose ideas I liked.

TheFutureBender

1- Extracting the zip file gives 2 files:

futurama.jpg
GenderBender.txt

The jpg is a normal picture with 3 characters on it (B, F, L), and the text file contains a line and a link:

Time Travel what’s that all about?

https://vignette.wikia.nocookie.net/en.futurama/images/e/ed/Time_code.jpg/revision/latest?cb=20121014191557

(image: futurama.jpg)

2- Opening the link shows another picture of Bender (the robot) looking at some binary.

3- From a stego perspective I knew I had to find a passphrase to extract something from the jpgs I had. After many failed tries I got inspired by the second image and converted the 3 characters on the first image, 'BFL', to 8-bit binary to get this output:

010000100100011001001100

4- Run steghide on the first image with this binary string as the passphrase.

5- That finally extracted a file, whose content was:

TheFutureGives you the last riddle can you solve it?

001011110111010001101000011010010111001100100000011001010111100101100101001000000111001101100101011001010111001100100000011001010111011001100101011100100111100101110100011010000110100101101110011001110101110000001010

Obviously we need to convert it back to text:

/this eye sees everything\

6- Now the last riddle gives the flag: a quick Google search of the text we have,

and the flag was
HTB{eye_of_providence}

BitsNBytes

1- Unzip the file to find 2 images in PNG format that look exactly the same.

2- I knew there should be a difference between them, but how to extract it? I used the lovely StegSolve tool, which has a feature called Image Combiner in the Analyse tab.

(image: StegSolve)

3- Add intercepted.png and play around until you reach the SUB mode; there are small white dots at the very left side of the subtracted image. Now we can spot the difference by eye.

(image: SUB)

4- At first I thought it might be Morse code, but it turned out to be binary in the end, so I wrote a Python script using the PIL module to extract the first vertical line and translate black pixels to 0 and white pixels to 1.

(image: code.py)

5- Execute the code to get this binary output:

(image: Binary Output)

6- Convert the binary to text to find a base64 string, then decode it to get the flag:

Output : SFRCezFmX2FfdzAwZF9jaHVja19jMHVsZF9jaHVja193MDBkfQ==
Decoded : HTB{1f_a_w00d_chuck_c0uld_chuck_w00d}
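The two conversions used so far, text to 8-bit binary for the 'BFL' passphrase and the long binary riddle back to text in TheFutureBender, and the pixel column to binary to base64 pipeline of BitsNBytes, fit in one small script. The one below is an added example written for this write-up; it is not the author's code.py. The bit strings are taken from the values quoted above, the pixel column is a constructed stand-in for the SUB image (one white or black pixel per bit of the base64 text), and the first_column helper, which assumes Pillow is installed, is only needed for a real image file.

```python
import base64

# Example added by the editor; it is not the author's code.py. The sample
# bit strings below are constructed from the values quoted in the write-up.

def text_to_bits(text: str) -> str:
    """Encode ASCII text as a string of 8-bit binary groups (no separators)."""
    return "".join(f"{ord(ch):08b}" for ch in text)


def bits_to_text(bits: str) -> str:
    """Decode a string of 8-bit groups back to text.

    Whitespace is ignored so a line-wrapped or space-separated dump still
    decodes; a trailing partial byte is dropped instead of silently
    producing a wrong character.
    """
    clean = "".join(bits.split())
    if any(c not in "01" for c in clean):
        raise ValueError("input contains characters other than 0/1")
    usable = len(clean) - len(clean) % 8
    return "".join(chr(int(clean[i:i + 8], 2)) for i in range(0, usable, 8))


def column_to_bits(pixels, threshold: int = 128) -> str:
    """Map a column of grey-scale pixel values to bits: white -> 1, black -> 0."""
    return "".join("1" if p >= threshold else "0" for p in pixels)


def decode_pixel_column(pixels) -> str:
    """Pixel column -> bits -> ASCII -> base64-decoded text (the BitsNBytes flow)."""
    text = bits_to_text(column_to_bits(pixels))
    return base64.b64decode(text, validate=True).decode()


def first_column(path: str):
    """Read the leftmost pixel column of an image with Pillow (assumed installed).

    Hypothetical helper for the real challenge image; not needed for the demo below.
    """
    from PIL import Image  # imported here so the demo runs without Pillow
    img = Image.open(path).convert("L")  # "L" = 8-bit grey-scale
    return [img.getpixel((0, y)) for y in range(img.height)]


# The passphrase from TheFutureBender: 'BFL' as 8-bit ASCII.
BFL_BITS = text_to_bits("BFL")  # 010000100100011001001100

# The riddle extracted by steghide, as printed in the write-up (grouped for readability).
RIDDLE_BITS = """
00101111 01110100 01101000 01101001 01110011 00100000 01100101 01111001
01100101 00100000 01110011 01100101 01100101 01110011 00100000 01100101
01110110 01100101 01110010 01111001 01110100 01101000 01101001 01101110
01100111 01011100 00001010
"""

# Constructed stand-in for the SUB image: the base64 text from the write-up,
# rendered as one white (255) or black (0) pixel per bit.
SAMPLE_B64 = "SFRCezFmX2FfdzAwZF9jaHVja19jMHVsZF9jaHVja193MDBkfQ=="
SAMPLE_COLUMN = [255 if b == "1" else 0 for b in text_to_bits(SAMPLE_B64)]

if __name__ == "__main__":
    print(BFL_BITS)
    print(repr(bits_to_text(RIDDLE_BITS)))
    print(decode_pixel_column(SAMPLE_COLUMN))
```

For a real image, replace SAMPLE_COLUMN with first_column("sub.png") (a hypothetical file name) after exporting the subtracted image from StegSolve; the threshold argument lets you cope with grey rather than pure white dots.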

Beatles

1- Unzip the file to find a text message and another password-protected zip file:

m3ss@g#_f0r_pAuL
BAND.zip

2- Opening the text message shows it is not in a readable format, so I assumed it could be solved as a Caesar cipher, but it was even easier: it was ROT13. I used a small utility called rot13 to make it readable.

(image: The Message)

3- Now it is obvious that we need to crack the zip file. The right thing would have been using crunch to generate a wordlist of 4-character passwords, as the message says, but I was lazy, so I used rockyou instead and got the password in less than a second. Simple enough.

(image: the cracked password, 'pass')

4- Unzip BAND.zip with 'pass' as the password to get an image named BAND.JPG containing the logo of the band the challenge is named after.

(image: THE BEATLES)

5- After trying many steganography tools and techniques I got bored and decided to crack the image with stegcracker, but it ran for about 10 minutes without any output, so I tried manually guessing some passwords. After some more failed manual tries I looked at the image and used 'THEBEATLES' as the passphrase, and it worked LOL. It extracted an ELF program.
Note: the 'THEBEATLES' passphrase is in the rockyou wordlist, so it should have been cracked after some time as well.

(image: Steghide)

6- When I ran the ELF it gave some sort of mathematical challenges and stuff, so I just ran strings on it to find a base64-encoded string.

(image: strings)

7- Decode that to get the flag :D

(image: FLAG)

Da Vinci

1- Extracting the archive gives 3 jpg images:

monaliza.jpg
Plans.jpg
Thepassword_is_the_small_name_of_the_actor_named_Hanks.jpg

2- One of them makes it very clear where we should start: indeed, 'TOM' as the passphrase for the third image extracts the first file, 'S3cr3t_m3ss@g3.txt'.

(image: Secret Msg)

3- OK, we got another key now, so we can extract another file from the other images. I tried it on both; nothing worked. I figured out that it is 32 characters long, so it should be an MD5 hash; cracking it gives 'leonardo' as the plaintext. I tried that, and again no luck.

4- Well, we have to find another way. I ran strings on the images and something got my attention: there was a YouTube link in the last line of the Plans.jpg strings output.

https://www.youtube.com/watch?v=jc1Nfx4c5LQ

5- Opening it shows a video of a famous Picasso painting called 'Guernica'. There was nothing else in the video really, but I tried the name of the painting as the steghide passphrase, and again no luck.

6- It came to mind that maybe there are files embedded in the binary of the images, so I ran binwalk on the images, and indeed I found one: there was a zip file hidden in monalisa.jpg.

(image: famous.zip)

7- Extract it with the foremost tool or with 'binwalk -MDe monalisa.jpg'; it doesn't really matter. Now we have a password-protected zip file called famous.zip. We could crack it, or use the passwords we already gathered. 'leonardo' worked, as I thought, because the Mona Lisa is related to Leonardo da Vinci ;) and we got a fourth jpg called Mona.jpg.

(image: Mona.jpg)

8- Now we could brute-force the passphrase, but I hate brute-forcing challenges, so we have one thing left: the YouTube video and its name, 'Guernica'. It worked, and a file named 'key' was extracted.

(image: KEY)

9- Now it is base64, let's decode it. Oh nice, it decoded to another base64 string, and then another one :3. Finally got the flag after decoding 3 times:

# cat key | base64 -d | base64 -d | base64 -d
HTB{M0n@_L1z@_!s_D3@D}
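Chaining base64 -d by hand works when you already know it is three layers; a small decoder that peels layers until the result stops being base64 saves the guessing and, as a caveat, has to stop before it "decodes" a plaintext that merely happens to be valid base64. This is an added example written for this write-up, not the author's command or a challenge file: the key file is constructed here by wrapping the flag quoted above three times, and the printable-text check is the editor's stopping rule.

```python
import base64
import binascii
import string

# Example added by the editor, not the author's command. The triple-encoded
# sample is constructed here from the flag quoted in the write-up.

PRINTABLE = set(string.printable)


def _looks_like_text(data: bytes) -> bool:
    """True if the bytes decode as ASCII made only of printable characters."""
    try:
        return all(c in PRINTABLE for c in data.decode("ascii"))
    except UnicodeDecodeError:
        return False


def peel_base64(blob: bytes, max_layers: int = 10):
    """Repeatedly base64-decode until the result is no longer base64.

    Returns (final_text, layers_removed). Decoding stops when the current
    text does not parse as strict base64, or when decoding would produce
    non-printable bytes, which is the usual sign of having gone one layer
    too far (e.g. a plaintext such as 'abcd' is itself valid base64).
    """
    current = blob.strip()
    layers = 0
    while layers < max_layers:
        try:
            decoded = base64.b64decode(current, validate=True)
        except (binascii.Error, ValueError):
            break
        if not decoded or not _looks_like_text(decoded):
            break
        current = decoded.strip()
        layers += 1
    return current.decode("ascii", errors="replace"), layers


def wrap_base64(text: str, layers: int) -> bytes:
    """Encode text `layers` times; used only to build the demo input."""
    data = text.encode()
    for _ in range(layers):
        data = base64.b64encode(data)
    return data


# Constructed: the Da Vinci flag wrapped three times, with a trailing newline
# such as a text file like 'key' would carry.
KEY_FILE = wrap_base64("HTB{M0n@_L1z@_!s_D3@D}", 3) + b"\n"

if __name__ == "__main__":
    flag, n = peel_base64(KEY_FILE)
    print(f"{flag}  (removed {n} layers)")
```

To use it on the real file, pass open("key", "rb").read() to peel_base64; the layer count it reports is a useful sanity check that you did not stop early or late.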

Kinda silly challenge, isn't it!

Hope you enjoyed it; contact me if something wasn't clear enough.
Cheers.
