Stego: Beatles writeup: Challenge

Beatles stego write up

Tools:

1. fcrackzip
2. strings
3. steghide
4. base64 decoder

Steps:

1. Download the zip file
2. extract the zip file with password "hackthebox"

3. unzip the BAND.zip with fcrackzip using rockyou.txt password list and the password is "pass". Command used "fcrackzip -u -D -p rockyou.txt BAND.zip"/"
4. Use steghide on BAND.jpg with password THEBEATLES. Command used "steghide extract -sf BAND.JPG -p THEBEATLES". It will give "testabeatle.out" file.
5. Now use strings command on testabeatle.out to get a base64 encoded string. Command used "strings testabeatle.out | awk 'length($0) > 20'" It will give base64 "VGhlIHRvdXIgd2FzIGNhbmNlbGVkIGZvciB0aGUgZm9sbG93aW5nIG1vbnRoLi4uIQ0KDQpJJ2xsIGdvIG91dCBmb3IgZGlubmVyIHdpdGggbXkgZ2lybGZyaWVuZCBuYW1lZCBZb2NvISA7KQ0KDQpIVEJ7UzByUnlfTXlfRlIxM25EfQ0K".
6. Decode the base 64 to get the flag.

Commands:

1. fcrackzip -u -D -p rockyou.txt BAND.zip
2. steghide extract -sf BAND.JPG -p THEBEATLES
3. strings testabeatle.out | awk 'length($0) > 20'
4. echo "VGhlIHRvdXIgd2FzIGNhbmNlbGVkIGZvciB0aGUgZm9sbG93aW5nIG1vbnRoLi4uIQ0KDQpJJ2xsIGdvIG91dCBmb3IgZGlubmVyIHdpdGggbXkgZ2lybGZyaWVuZCBuYW1lZCBZb2NvISA7KQ0KDQpIVEJ7UzByUnlfTXlfRlIxM25EfQ0K" | base64 --decode

Flag:

HTB{S0rRy_My_FR13nD}

Reference:

1. https://forum.hackthebox.eu/discussion/160/beatles
2. https://forum.hackthebox.eu/discussion/276/beatles-steg

Video: