If you are interested in and , then steganography challenges (which come under the broad category of digital forensics) are the easiest to get into. Because you don't need to learn a lot of concepts to solve your first challenge. And once you have solved these, you can go on to learn and other techniques. hacking ctfs web exploitation binary exploitation In this article, we are going to solve the following steganography problem listed on – defendtheweb.net https://defendtheweb.net/playground/squashed-image We have an image and a field with Username and Password. It is a steganography challenge, so we should start by looking into the image. One of the things you learn while playing ctfs is to use the right tools to get the job done. And for me, the first thing I usually do is open up the file in a Hex Editor that lays out all the bytes used in images. It’s somewhat like looking at the source code of a website. [But of course, no developer hides their password in the source code] Now we have two options - 1. Use an online tool to open the file – Or, https://hexed.it/ 2. Use an app to open the file locally – for example, the for Windows HxD editor Every file has a few signature bytes that can be used to identify it. And for jpg images, its header bytes are and ending or footer bytes . These are hexadecimal numbers, and you can find the corresponding ASCII text in the section. FF D8 FF D9 Decoded text As you can see in the hex editor below, there is more text after the footer byte. And it clearly reads as . secret.txt If it were a long file, we’d have to copy these extra bytes into a new file. After that, you can change it to a desirable extension or save it as a Zip. But as we can see here, there is no reason to do that because the secret text is already visible. Can you see the username and passphrase there? These are the credentials we need to solve the challenge. user - admin, pass - safe We already have the solution but sometimes it's not visible so quickly. So here is the long-form solution. After the FF D9 bytes, you will see that the next byte translates to PK, which indicates the start of a zip file. , the co-creator of the zip file format. So we will save these bytes into a new file named secret.zip and extracting it gives us the same username and password. PK is short for Phil Katz Tools used -- HxD editor, WinZip extractor Happy Hacking!
