Hidden in Plain Sight

Written by shelstronic | Published 2023/05/10
Tech Story Tags: ctf-writeup | image-steganography | capture-the-flag | hacking | ethical-hacking | hidden-in-plain-sight | hex | software-engineering


If you are interested in hacking and CTFs, steganography challenges (which fall under the broad category of digital forensics) are the easiest to get into, because you don't need to learn many concepts to solve your first one. Once you have solved a few, you can move on to web exploitation and binary exploitation techniques.
In this article, we are going to solve the following steganography problem listed on defendtheweb.net: https://defendtheweb.net/playground/squashed-image
We are given an image and a form with Username and Password fields. It is a steganography challenge, so we should start by looking into the image.
One of the things you learn while playing CTFs is to use the right tool for the job. For me, the first thing I usually do is open the file in a hex editor, which lays out every byte of the file instead of rendering it as a picture. It's somewhat like viewing the source of a website. [Of course, no developer should hide a password in the source code.]
Now we have two options:
1. Use an online tool to open the file: https://hexed.it/ Or,
2. Use an app to open the file locally, for example the HxD editor for Windows.
Every file format has a few signature bytes that identify it. For JPEG images, the file starts with the header bytes FF D8 (the Start of Image marker) and ends with the footer bytes FF D9 (the End of Image marker). These are hexadecimal byte values; the hex editor shows the corresponding ASCII text in the Decoded text pane on the right. One caveat: EXIF metadata can embed a thumbnail that is itself a complete JPEG with its own FF D8 and FF D9, so the first FF D9 you hit is not always the real end of the image. If what follows it still looks like image data, keep going.
As you can see in the hex editor below, there is more data after the footer bytes, and its decoded text clearly reads secret.txt.
If the appended data were long, we would have to copy these extra bytes into a new file and give it the right extension (or save it as a zip). Here there is no need, because the secret text is already readable in the decoded pane. Can you see the username and passphrase? These are the credentials needed to solve the challenge.
user - admin, pass - safe
We already have the solution, but sometimes it is not visible this quickly, so here is the long-form solution.
Immediately after the FF D9 bytes, the next two bytes are 50 4B, which decode to PK: together with the 03 04 that follows them, this is the signature of a zip local file header. PK are the initials of Phil Katz, the creator of the zip file format and of PKZIP. So we save every byte from the PK onward into a new file named secret.zip, and extracting it gives us the same username and password from secret.txt.
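The two manual steps above (locate the real FF D9, then carve what follows and check whether it starts with PK) can be scripted so you are not eyeballing a hex dump every time. The script below is an added example written for this article, not the challenge author's code and not a tool from defendtheweb.net. Rather than grabbing the first FF D9 it sees, it walks the JPEG marker segments so an EXIF thumbnail's own FF D9 cannot fool it, then classifies the trailing bytes and unzips them in memory if they carry the PK signature. The sample input is constructed inline (a tiny JPEG-like byte sequence followed by a zip containing secret.txt with the credentials from this write-up); it is a stand-in, not the real squashed image.

```python
import io
import sys
import zipfile

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA   # JPEG marker codes used below


def find_jpeg_end(data: bytes) -> int:
    """Walk the JPEG marker segments and return the offset just past FF D9.

    Walking the segments instead of searching for the first FF D9 avoids
    being fooled by an EXIF thumbnail, which is a complete JPEG (with its
    own FF D8 / FF D9) nested inside an APP1 segment.
    """
    if data[:2] != bytes([0xFF, SOI]):
        raise ValueError("not a JPEG: missing FF D8 start-of-image marker")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos:#x}")
        marker = data[pos + 1]
        if marker == 0xFF:                                   # fill byte before a marker
            pos += 1
            continue
        if marker == EOI:
            return pos + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:         # TEM / RSTn carry no length
            pos += 2
            continue
        seg_len = int.from_bytes(data[pos + 2:pos + 4], "big")  # length includes its own 2 bytes
        pos += 2 + seg_len
        if marker == SOS:
            # Entropy-coded scan data follows the SOS header; it ends at the next
            # marker that is neither a stuffed FF 00 nor a restart marker FF D0..D7.
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("no FF D9 end-of-image marker found")


def carve_trailing(data: bytes) -> bytes:
    """Return everything appended after the image's real FF D9."""
    return data[find_jpeg_end(data):]


def identify(blob: bytes) -> str:
    """Classify carved data by its magic bytes (only the cases this write-up needs)."""
    if blob.startswith(b"PK\x03\x04"):   # zip local file header signature
        return "zip"
    if blob.startswith(b"\xff\xd8"):     # a second JPEG appended to the first
        return "jpeg"
    return "unknown"


def extract_secret(data: bytes) -> dict[str, str]:
    """Carve the payload and return {filename: text}; plain text maps to key "<raw>"."""
    trailing = carve_trailing(data)
    if identify(trailing) == "zip":
        with zipfile.ZipFile(io.BytesIO(trailing)) as zf:
            return {n: zf.read(n).decode("utf-8", "replace") for n in zf.namelist()}
    return {"<raw>": trailing.decode("utf-8", "replace")}


def build_sample() -> bytes:
    """Constructed stand-in for the challenge file (not the real squashed image)."""
    app0 = b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"   # 16-byte APP0 segment
    sos = b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"                        # 8-byte SOS header
    scan = b"\x12\x34\xff\x00\x56\xff\xd0\x78"   # scan data with a stuffed FF 00 and an RST0 marker
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("secret.txt", "user - admin, pass - safe\n")
    return b"\xff\xd8" + app0 + sos + scan + b"\xff\xd9" + zbuf.getvalue()


if __name__ == "__main__":
    # Pass a real file path as the first argument, or run with no arguments for the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    end = find_jpeg_end(data)
    print(f"image ends at offset {end:#x}; {len(data) - end} trailing bytes")
    for name, text in extract_secret(data).items():
        print(f"{name}: {text.strip()}")
```

Two practical notes. A zip reader locates the archive by scanning backwards from the end of the file for the end-of-central-directory record, so `unzip` will usually open the original .jpg directly (it warns about extra bytes at the beginning and then extracts), and `binwalk -e` will find the PK signature for you; carving by hand is still worth knowing for the cases where the appended data is not a zip. And if `find_jpeg_end` raises because a marker is missing, the image was probably truncated or is not a JPEG at all, which is itself a clue.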
Tools used -- HxD editor, WinZip extractor
Happy Hacking!
