THM - CC: Steganography
In the room we are introduced to several tools:
- Steghide
- zsteg
- exiftool
- Stegoveritas
- Spectrograms
The final slide introduces us to three challenges. Here are my solutions:
For Key 1 we have a .jpeg file. We first run exiftool to look at the metadata and find a hint in the Document Name field.
exiftool exam1.jpeg
ExifTool Version Number : 12.32
File Name : exam1.jpeg
Directory : .
File Size : 8.6 KiB
File Modification Date/Time : 2021:11:16 11:09:54-05:00
File Access Date/Time : 2021:11:16 11:09:55-05:00
File Inode Change Date/Time : 2021:11:16 11:09:54-05:00
File Permissions : -rw-r--r--
File Type : JPEG
File Type Extension : jpg
MIME Type : image/jpeg
JFIF Version : 1.01
Exif Byte Order : Big-endian (Motorola, MM)
Document Name : password=admin
X Resolution : 1
Y Resolution : 1
Resolution Unit : None
Y Cb Cr Positioning : Centered
Image Width : 213
Image Height : 160
Encoding Process : Baseline DCT, Huffman coding
Bits Per Sample : 8
Color Components : 3
Y Cb Cr Sub Sampling : YCbCr4:2:0 (2 2)
Image Size : 213x160
Megapixels : 0.034
This leads to steghide, which we can try with the given password to see if we can extract anything.
steghide --extract -sf exam1.jpeg
Enter passphrase:
wrote extracted data to "a.txt".
cat a.txt
the key is: **********
For Key 2, we are given a .wav file.
We can open the file in Sonic Visualiser and add a Spectrogram frame to find a URL, which leads to another image. This image file is a .png, so we can use stegoveritas to analyze it. In the output we search through the various filters and find nothing. Our next step is to try zsteg.
zsteg --lsb KTrtNI5.png
imagedata .. text: ")))xxxLMO"
b1,bgr,lsb,xy .. text: "\rKey: *******"
b2,rgb,lsb,xy .. file: SoftQuad DESC or font file binary
b2,bgr,lsb,xy .. file: SoftQuad DESC or font file binary
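The hit on the `b1,bgr,lsb,xy` line is easier to read once you see what that label describes: one bit per channel, channels taken in blue-green-red order, the least significant bit, pixels scanned row by row. The sketch below is an added example, not code from the room or from zsteg; the cover image, the `Key: EXAMPLE` value and all function names are constructed for illustration, and packing the first extracted bit as the high bit of each byte is an assumption of this example.

```python
# Added example: constructed data, standard library only.
CHANNEL_INDEX = {"r": 0, "g": 1, "b": 2}

def embed_lsb(pixels, message, order="bgr"):
    """Return a copy of pixels (rows of (r, g, b) tuples) with the message
    bits written into bit 0 of each channel, channels visited in `order`."""
    bits = [(byte >> s) & 1 for byte in message for s in range(7, -1, -1)]
    capacity = sum(len(row) for row in pixels) * len(order)
    if len(bits) > capacity:
        raise ValueError("message does not fit in cover image")
    it = iter(bits)
    out = []
    for row in pixels:                    # "xy": left to right, top to bottom
        new_row = []
        for px in row:
            px = list(px)
            for ch in order:
                bit = next(it, None)      # None once the message is exhausted
                if bit is not None:
                    i = CHANNEL_INDEX[ch]
                    px[i] = (px[i] & 0xFE) | bit
            new_row.append(tuple(px))
        out.append(new_row)
    return out

def extract_lsb(pixels, order="bgr", max_bytes=None):
    """Collect bit 0 of each channel in `order`, pixel by pixel, and pack
    every 8 bits into a byte (first bit = most significant; an assumption)."""
    bits = [px[CHANNEL_INDEX[ch]] & 1
            for row in pixels for px in row for ch in order]
    data = bytearray()
    for i in range(0, len(bits) - 7, 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        data.append(byte)
    return bytes(data[:max_bytes])

def make_cover(width, height):
    """Constructed cover image: a deterministic gradient, not a real file."""
    return [[((x * 7) % 256, (y * 13) % 256, (x + y) % 256)
             for x in range(width)] for y in range(height)]

if __name__ == "__main__":
    secret = b"Key: EXAMPLE"                       # constructed placeholder
    stego = embed_lsb(make_cover(16, 8), secret)
    print(extract_lsb(stego, "bgr", len(secret)))  # channel order matches
    print(extract_lsb(stego, "rgb", len(secret)))  # wrong order: garbage
```

Reading the same pixels in `rgb` order returns noise, which is why a scanner has to try each combination of bit count, channel order and scan direction, and why only one line of the output above contains the key.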
For Key 3, we are given a .png file containing a QR code that isn’t readable. We use stegoveritas and search through its output until we find a filter that lets us read the QR code. The link will take us to the last key.