Home About Writeups

Intro to Stegano 1 - CSCG

Category: Stego
Difficulty: Baby
Author: explo1t

Reconnaissance

This is the file we got:

(same file, unmodified! You can try it yourself!)

At first I tried a quick file....

And that showed up. That's gonna be useful later.

Other than that I didn't really find anything other than what we're gonna do next.

Exploitation

Trying to use steghide asks us for a password. I tried the comment as a password, and it worked!

Now we just have to extract it with steghide:

And cat it out

And there's the flag.

Mitigation

Don't really know what to say here, don't hide stuff in images? Someones gonna find it eventually if the password is weak / just written into the file.

With a strong password that's not just written down somewhere I can see the potential.

~sw1tchbl4d3, 09/08/2020 (dd/mm/yyyy)