What You See - PragyanCTF Stego
This was a easy one. We are required to find the flag in this image. This is the original image.
Running file, shows nothing suspicious.
stego_50.jpg: JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 430x425, frames 3
Running a binwalk, we can see that there is a ZIP archive appended to the end of the JPEG image.
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 JPEG image data, JFIF standard 1.02
10541 0x292D Zip archive data, at least v1.0 to extract, compressed size: 37, uncompressed size: 37, name: "usethis"
10720 0x29E0 End of Zip archive
Passing an -e flag to BinWalk, we can recursively extract the zip archive. We now have a text file called usethis which contains an URL.
steghide.sourceforge.net/download.php
It is the download link for StegHide, a steganography software which embeds and extracts information from JPEG images.
StegHide requires a passphrase to extract the embedded information. Running strings on the original image file, shows a suspicious string Delta_Force\m/ which turned out to be the passphrase.
key_stego_1 is created and the content of the file contains the flag to this challenge.
Congrats! This was way too wasy :P
This is the key:
PrAgyaNCTF_sTeg1_key