What You See - PragyanCTF Stego :: init 0 — Stuff about computers and security

This was a easy one. We are required to find the flag in this image. This is the original image.

$stego\_50$

Running file, shows nothing suspicious.

stego_50.jpg: JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 430x425, frames 3

Running a binwalk, we can see that there is a ZIP archive appended to the end of the JPEG image.

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             JPEG image data, JFIF standard  1.02
10541         0x292D          Zip archive data, at least v1.0 to extract, compressed size: 37,  uncompressed size: 37, name: "usethis"
10720         0x29E0          End of Zip archive

Passing an -e flag to BinWalk, we can recursively extract the zip archive. We now have a text file called usethis which contains an URL.

steghide.sourceforge.net/download.php

It is the download link for StegHide, a steganography software which embeds and extracts information from JPEG images.

StegHide requires a passphrase to extract the embedded information. Running strings on the original image file, shows a suspicious string Delta_Force\m/ which turned out to be the passphrase.

key_stego_1 is created and the content of the file contains the flag to this challenge.

Congrats! This was way too wasy :P

This is the key:

PrAgyaNCTF_sTeg1_key