Beatles stego write up
Tools:
1. fcrackzip
2. strings
3. steghide
4. base64 decoder
Steps:
1. Download the zip file
2. Extract the zip file with password "hackthebox"
3. Unzip BAND.zip after recovering its password with fcrackzip and the rockyou.txt password list; the password is "pass". Command used "fcrackzip -u -D -p rockyou.txt BAND.zip"
4. Use steghide on BAND.jpg with password THEBEATLES. Command used "steghide extract -sf BAND.JPG -p THEBEATLES". It gives the file "testabeatle.out".
5. Now use the strings command on testabeatle.out to get a base64 encoded string. Command used "strings testabeatle.out | awk 'length($0) > 20'". It gives the base64 string "VGhlIHRvdXIgd2FzIGNhbmNlbGVkIGZvciB0aGUgZm9sbG93aW5nIG1vbnRoLi4uIQ0KDQpJJ2xsIGdvIG91dCBmb3IgZGlubmVyIHdpdGggbXkgZ2lybGZyaWVuZCBuYW1lZCBZb2NvISA7KQ0KDQpIVEJ7UzByUnlfTXlfRlIxM25EfQ0K".
6. Decode the base64 to get the flag.
Commands:
1. fcrackzip -u -D -p rockyou.txt BAND.zip
2. steghide extract -sf BAND.JPG -p THEBEATLES
3. strings testabeatle.out | awk 'length($0) > 20'
4. echo "VGhlIHRvdXIgd2FzIGNhbmNlbGVkIGZvciB0aGUgZm9sbG93aW5nIG1vbnRoLi4uIQ0KDQpJJ2xsIGdvIG91dCBmb3IgZGlubmVyIHdpdGggbXkgZ2lybGZyaWVuZCBuYW1lZCBZb2NvISA7KQ0KDQpIVEJ7UzByUnlfTXlfRlIxM25EfQ0K" | base64 --decode
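Steps 5 and 6 combined in one script, as an added example that is not part of the original write-up: it pulls printable runs longer than 20 characters out of a binary blob (what the strings and awk pipeline does), keeps only the runs that decode as strict base64, and searches the decoded text for the HTB{...} pattern. SAMPLE is a constructed stand-in for testabeatle.out, and the function names are this example's own.

```python
import base64
import binascii
import re

# The base64 string quoted in step 5 of the write-up.
B64 = (b"VGhlIHRvdXIgd2FzIGNhbmNlbGVkIGZvciB0aGUgZm9sbG93aW5nIG1vbnRoLi4uIQ0K"
       b"DQpJJ2xsIGdvIG91dCBmb3IgZGlubmVyIHdpdGggbXkgZ2lybGZyaWVuZCBuYW1lZCBZ"
       b"b2NvISA7KQ0KDQpIVEJ7UzByUnlfTXlfRlIxM25EfQ0K")

# Constructed sample: the real file's other bytes are not on the page, so
# arbitrary binary noise and one non-base64 printable run surround the string.
SAMPLE = (b"\x00\x01\x02short\x00"
          b"not-base64: a long printable run!!\x00"
          + B64 + b"\x00\xff\xfe")


def printable_runs(data, min_len=21):
    """ASCII runs longer than 20 chars, like strings | awk 'length($0) > 20'."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group() for m in re.finditer(pattern, data)]


def decode_base64_runs(data):
    """Decoded text of every printable run that is strictly valid base64."""
    decoded = []
    for run in printable_runs(data):
        try:
            # validate=True rejects characters outside the base64 alphabet
            # instead of silently skipping them.
            decoded.append(base64.b64decode(run, validate=True).decode("utf-8"))
        except (binascii.Error, UnicodeDecodeError):
            continue  # printable but not base64, or not text once decoded
    return decoded


def find_flags(data):
    """All HTB{...} tokens found in the decoded base64 runs."""
    return [flag
            for text in decode_base64_runs(data)
            for flag in re.findall(r"HTB\{[^}]+\}", text)]


if __name__ == "__main__":
    for text in decode_base64_runs(SAMPLE):
        print(text)
    print(find_flags(SAMPLE))
```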
Flag:
HTB{S0rRy_My_FR13nD}