HackTheBox Stego Challenge Senseless Behaviour

Stego Challenges are always fun to do. You always knew how thing needs to be done.

For any HackTheBox Challenge you need to first look for the Files that can be downloaded or Start instances with a given port on docker.hackthebox.eu and for any zip file first password is always hackthebox.

So, I downloaded the zip file and unzipped it with password "hackthebox" and a meow.wav file is there.

HackTheBox often consist of clues that can really help in understanding what needs to be done. For Web challenges always intercept requests via Burp Suite.

So, in this challenge we get to know that

John is practicing his steganography skills but don't let the space kittens affect what you see... There is more than one way to uncover hidden secrets.

So, I will now use some techniques to uncover the data inside this file. First binwalk command to check data.

$ binwalk meow.wav DECIMAL HEXADECIMAL DESCRIPTION -------------------------------------------------------------------------------- 12897995 0xC4CECB MySQL MISAM compressed data file Version 3 20226912 0x134A360 MySQL MISAM index file Version 3 26753717 0x1983AB5 MySQL MISAM compressed data file Version 2 36745260 0x230B02C MySQL MISAM compressed data file Version 11

Now, use string command to check if there is data in string of the file.

$ strings meow.wav | awk 'length($0) > 20' 35/*o7Q5p:p7=<,2]<5(d:] (A$"2P'M<P._@t0Q@B/=A #"A=)J>O+J6~)o-'$O'L!h! d+) e-z"(/&$R1V&'4u'k6 '*( :h:66\1T4,&cC9*~? 1*3S7u4(9B5#8x4A3@1H( .8#K/&#l0}(B4?,&4 '-,~#9& >s8aBB9wDf8gC>42@o28; AP:cBG2I:[:]=[;"<%Aq9$I #o;;%W@a"YAb V?G"B=R# 1|-.32/752/:60+{4^'p3 4l"[8Q$%:X&39>')4M%2.4# P^V_L~S29rD`AyR1?JM40D? 0pCD/YCS,8Bi)\BJ'qCF& C~'C?4&_CN*?ET)oCx"7J 6k5w6y8I3]:70S9X..7g.

Same output, nothing is there.

Now, I used Steghide and Stegbrute tool and find out meow.txt file using Stegbrute.

$ python steg_brute.py -b -d rockyou.txt -f meow.wav [i] Searching... 0%| | [+] Information obtained with password: skittles wrote extracted data to "meow.txt".

This meow.txt file consists of Base64 encoded data which I then converted and find out some random data which is similar to, if you do extract string from image files. So, I converted it to PNG file.

$ cat meow_flag.txt | base64 --decode | xxd -r -p > meow.png

So, let's use binwalk, strings and Stegsolve.

Then I found something with red-plane - a Braille.

A message in braille. Then I used Braille decoder https://www.dcode.fr/braille-alphabet

Now, I get the answer as "BLINDASABAT". Convert this into a small alphabets and submit.

Please share your comments and If you enjoyed this blog post, share it with a friend! See you guys in next post soon.

57 views0 comments