TryHackMe - CC: Steganography


CC: Steganography is a free room created by Paradox on TryHackMe. It is aimed at beginners who are not familiar with the tools used in forensics for steganography. Anyone can join this room. Here is the room link - https://tryhackme.com/room/ccstego

Intro

Steganography is the art of concealing something inside something else. For example, anyone can hide messages and information within other files such as images, audio and video. In this room you can learn about various techniques and tools used to extract hidden data from image and audio files. The tools you need to complete this room are Steghide, Zsteg, Exiftool, Stegoveritas and Sonic Visualizer. Before proceeding further, download the zip file from the room and extract its contents into a folder.

Steghide

Steghide is one of the most famous steganography tools used to extract information from jpg/jpeg format files. Steghide can be installed with the command apt-get install steghide.

You can solve the first six challenges by using the command steghide -h in the terminal.

Challenge 2.7: Given the passphrase "password123", what is the hidden message in the included "jpeg1" file.

To solve this challenge, we can use the steghide utility to extract the hidden message from the image "jpeg1". The command given below extracts it.

steghide extract -sf jpeg1.jpeg -p password123

Zsteg

Zsteg is a tool used to extract information from PNG files. It also supports BMP files, but it is primarily used for PNG. Zsteg can be installed with the command gem install zsteg.

You can solve the first four challenges by using the command zsteg -h in the terminal.

Challenge 3.5: In the included file "png1" what is the hidden message?

Challenge 3.6: What about the payload used to encrypt it.

To solve challenges 3.5 and 3.6, we can use the zsteg tool on the image "png1". The command given below extracts the hidden message.

zsteg png1.png

Exiftool

Exiftool is a utility that allows you to view and edit the image metadata. Exiftool can be installed with the command apt-get install exiftool.

Challenge 4.1: In the included jpeg3 file, what is the document name.

To solve this challenge, we use the exiftool utility to read the document name from the image "jpeg3", using the command given below.

exiftool jpeg3.jpeg

Stegoveritas

Stegoveritas is an all-in-one tool used to extract information from images. It supports every image file, and is able to extract all types of data from it. Stegoveritas can be installed with the command pip3 install stegoveritas, followed by stegoveritas_install_deps.

You can solve the first three challenges by using the command stegoveritas -h in the terminal.

Challenge 5.4: In the included image jpeg2 what is the hidden message?

To solve challenge 5.4, we use the stegoveritas tool on the image "jpeg2". The command given below extracts the hidden message.

stegoveritas jpeg2.jpeg

Spectrograms

Spectrogram steganography is the art of hiding an image inside an audio file's spectrogram. We use Sonic Visualizer to extract data from the image hidden in the audio file.

Challenge 6.1: What is the hidden text in the included wav2 file?

To solve this challenge, we can use Sonic Visualizer to find the hidden text in the audio file.

Open Sonic Visualizer, click on File -> Open and select the wav2 file.

Then click on Layer -> Add Spectrogram to display the spectrogram of the audio.

The Final Exam

We have to find three keys to complete this room. In this challenge we use all the techniques and tools used earlier to gather information. Let's start.

Challenge 7.1: What is key 1?

To solve this challenge, you first have to deploy the machine and open it in the browser. After deploying the machine, you will see the challenge webpage.

First, download the image present on the webpage to find key 1. Then use exiftool on the image "exam1.jpeg" with the command given below:

exiftool exam1.jpeg

From the results of exiftool, we get something like Document Name : password=value. This is not the key itself, so we examine the same image again, this time with the steghide tool. The value of password from the exiftool output is the passphrase, so enter it when the command given below asks for it, and we get key 1.

steghide extract -sf exam1.jpeg

From the result of the steghide tool, we get our first key. Now, submit the key in the webpage to get the second challenge.

Challenge 7.2: What is key 2?

To solve this challenge, download the audio file exam2.wav given on the webpage. To find key 2 from this audio, we use Sonic Visualizer and follow the same steps used in challenge 6.1. From the output we get something like https://url/path.

Now visit this URL and download the image available on the webpage. As the image we downloaded is in .png format, we use the zsteg tool to find our second key.

zsteg KTrtnI5.png

From the result of the zsteg tool, we get our second key. Now, submit the key in the webpage to get the final challenge.

Challenge 7.3: What is key 3?

To solve this final challenge, first download the qrcode image. Then use the stegoveritas tool to extract information from qrcode.png with the command given below:

stegoveritas qrcode.png

A folder named results is now created in the same directory, and in it you get multiple images of the qrcode. Scan the QR codes one by one to get the final key. You can do this by using this website if you don't have a QR code scanner application on your mobile. Now, we get our last key.


Now put this final key into the webpage to complete the challenge.
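
The tool choice used throughout this room and the exiftool-to-steghide hand-off from challenge 7.1, as an added shell example that is not part of the room or of the original write-up. It picks the tool from a file's magic bytes rather than its extension and pulls the password=... hint out of exiftool output. The function names are hypothetical, and "spectrogram" stands for the manual Sonic Visualizer step.

```bash
#!/usr/bin/env bash
# Added example (not from the room): helper names are hypothetical.

# Print the first N bytes of FILE as a lowercase hex string.
magic_hex() {
    head -c "$2" "$1" | od -An -tx1 | tr -d ' \n'
}

# Map a file's real type (from its magic bytes, not its extension) to the
# tool this walkthrough uses for that format.
stego_tool_for() {
    case "$(magic_hex "$1" 12)" in
        ffd8ff*)                  echo steghide ;;     # JPEG
        89504e470d0a1a0a*)        echo zsteg ;;        # PNG
        424d*)                    echo zsteg ;;        # BMP
        52494646????????57415645) echo spectrogram ;;  # RIFF <size> WAVE
        *)                        echo unknown ;;
    esac
}

# Read exiftool output on stdin and print the value after "password=" in the
# Document Name tag; return non-zero when the tag holds no such hint.
passphrase_from_exif() {
    sed -n 's/^Document Name *: *password=\(.*\)$/\1/p' | head -n 1 | grep .
}

# Triage one file: name the tool and, for a JPEG whose metadata carries a
# passphrase hint, run the steghide extraction with it.
triage() {
    tool=$(stego_tool_for "$1")
    echo "$1: $tool"
    if [ "$tool" = steghide ] && command -v exiftool >/dev/null 2>&1; then
        if pass=$(exiftool "$1" | passphrase_from_exif); then
            steghide extract -sf "$1" -p "$pass"
        fi
    fi
}

# Usage: save as a script and pass the downloaded files as arguments.
for f in "$@"; do triage "$f"; done
```

A file whose extension disagrees with the reported tool has been renamed, and should be handled according to the detected format.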
