“John is practicing his steganography skills but don’t let the space kittens affect what you see… There is more than one way to uncover hidden secrets.”
Zip Password: hackthebox
sha256: 0203f0830bfa1cbbefc79686b66e28e751876be0838f988e53079a3b3d9c0fbb
Download the .zip file provided, extract it, and then open it with the password.
We receive a .wav file of what sounds like cats screeching. Not my taste in music…but whatever floats your boat.
I opened it up with Audacity and messed around for a bit, but ultimately ran into a dead end there:
I also used binwalk on it and got some interesting results, followed by exiftool:
I tried to use steghide and discovered that I needed a passphrase:
steghide extract -sf <path to file>
In order to crack the passphrase, I used StegCracker, which is a tool you can use to brute force passwords.
stegcracker <path to file> <path to wordlist>
If you need a wordlist, you can find rockyou.txt HERE (auto-download).
During this time, I used Shazam on that .wav file and found THIS. So apparently this is a whole thing…
I think evil waffle cat is my favorite flavor?
We also have Mexican taco cat…
Retro Game Boy cat…
Cat in love…
Anyways, this was definitely distracting… as soon as I could pull myself away from Nyan Cat (it took more time than I’d like to admit), I switched back over to my StegCracker results.
Excellent, we now have our password: skittles
Let’s try steghide again:
It wrote our information to a file called “youfoundme”. Open that up:
cat youfoundme
Ok, now what to do with all of this…
I used the cat command again, but this time added on | less, so I could go through it page by page.
cat youfoundme | less
What I’m going to do now is try to work with the first few lines instead of all the data at once, so it is more manageable.
It was identified as Base64 by THIS cipher analyzer, then decoded:
I switched over to CyberChef at that point, and ran “From Base64” and “From Hex” at the same time.
You can see that the first thing it outputs is “.PNG”, which means that we are working with photo data in hex form.
I used my command line to decode the entire file from Base64 to Hex, and then created another file with the decoded Hex version:
I looked around for a while to find some sort of tool to transform the Hex file to a .png file using the command line, but did not have much luck. Eventually I just used CyberChef in my browser again, which was very simple.
If anyone has another way, please drop a comment, because I’m curious.
So now we have our meme to work with:
I messed around with this for quite some time, eventually using stegsolve. I initially didn’t have it installed because I’ve never used it before. You can run the following if you need it also:
wget http://www.caesum.com/handbook/Stegsolve.jar -O stegsolve.jar
chmod +x stegsolve.jar
mkdir bin
mv stegsolve.jar bin/
Change directories to bin where you just moved it, then run the following to open it:
java -jar stegsolve.jar
Use that little white box that just popped up to open the meme file. You can tab through all the different filter options with the arrows on the bottom. Eventually you will get to this:
I recognized this as Braille, and used an online decoder.
The flag will pop up after you submit this, but be careful with the capitalization. You should submit it all in lowercase!
This one took a lot of time, using a couple tools that might not be as well know (such as stegsolve), which is why I rated it as medium.
Also, it looks like the MySQL results we got from binwalk early in the process turned out to be a distraction. I’m glad I tried other things before falling down that rabbit hole.
I get it though…“Senseless Behaviour”, as in, you lost your sense of sight and need to use Braille. I see what you did there, sh3llf1sh. I would have preferred to go deaf after listening to that .wav file, but that’s just me.
Happy Hacking! ❤
