htb-challenges-stego-widescreen

Differences

This shows you the differences between two versions of the page.

htb-challenges-stego-widescreen [2019/06/24 13:28] didzkovitchz
htb-challenges-stego-widescreen [2020/12/15 21:45] (current) – removed didzkovitchz
Line 1: Line 1:
-====== HTB ~~ Challenges Stego ~~ Widescreen ====== 
-[[htb|Retour]] 
  
-- 
- 
-===== Présentation ===== 
- 
-<code> 
-Someone has leaked pictures of our unreleased movie. 
-Can you help identify him?  
-</code> 
- 
-1 fichier : 
-  * ''widescreen.png'' 
- 
-===== Résolution ===== 
- 
- 
-==== 1er test : binwalk ==== 
- 
-<code> 
-user@VM:/mnt/c/Users/didier/Documents/HTB/Stego/VERT/Widescreen$ binwalk -e widescreen.png 
- 
-DECIMAL       HEXADECIMAL     DESCRIPTION 
--------------------------------------------------------------------------------- 
-0             0x0             PNG image, 628 x 281, 8-bit/color RGB, non-interlaced 
-85            0x55            Zlib compressed data, best compression 
-2757          0xAC5           Zlib compressed data, best compression 
-</code> 
- 
-À priori rien de probant ici. 
- 
- 
-==== 2e test : hexdump ==== 
- 
-Rien de visible non plus. 
- 
-==== 3e test : steghide ==== 
- 
-<code> 
-steghide extract -sf  
-steghide: the file format of the file "widescreen.png" is not supported. 
-</code> 
- 
-==== 4e test : pngcheck ==== 
- 
-<code> 
-user@VM:/mnt/c/Users/didier/Documents/HTB/Stego/VERT/Widescreen$ pngcheck -vt widescreen.png 
-File: widescreen.png (194272 bytes) 
-  chunk IHDR at offset 0x0000c, length 13 
-    628 x 281 image, 24-bit RGB, non-interlaced 
-  chunk pHYs at offset 0x00025, length 9: 2835x2835 pixels/meter (72 dpi) 
-  chunk iCCP at offset 0x0003a, length 2639 
-    profile name = Photoshop ICC profile, compression method = 0 (deflate) 
-    compressed profile = 2616 bytes 
-  chunk cHRM at offset 0x00a95, length 32 
-    White x = 0.31269 y = 0.32899,  Red x = 0.63999 y = 0.33001 
-    Green x = 0.3 y = 0.6,  Blue x = 0.15 y = 0.05999 
-  chunk IDAT at offset 0x00ac1, length 191499 
-    zlib: deflated, 32K window, maximum compression 
-  chunk IEND at offset 0x2f6d8, length 0 
-No errors detected in widescreen.png (6 chunks, 63.3% compression). 
-</code> 
- 
-Toujours rien. 
- 
-==== 5e test : zsteg ==== 
- 
-<code> 
-user@VM:/mnt/c/Users/didier/Documents/HTB/Stego/VERT/Widescreen$ zsteg widescreen.png 
-/usr/lib/ruby/2.5.0/open3.rb:199: warning: Insecure world writable dir /mnt/c in PATH, mode 040777 
-imagedata           .. file: VAX-order 68K Blit (standalone) executable 
-b1,r,lsb,xy         .. text: "'_PtlO6\\" 
-b1,r,msb,xy         .. text: "95wLHNt c" 
-b2,r,msb,xy         .. file: PGP\011Secret Sub-key - 
-b3,b,lsb,xy         .. text: "VRnI$i4I$" 
-b3,bgr,lsb,xy       .. text: " L6al(^ur" 
-b4,r,lsb,xy         .. text: "ufwuUut4332!#2" 
-b4,g,lsb,xy         .. text: "eC3EUB%TEeUVeVB3DVfVeeDDEW" 
-b4,b,lsb,xy         .. text: "24T35TE1\"3DDD2#!" 
-b4,rgb,lsb,xy       .. text: "gVuGTt5!R" 
-b4,bgr,lsb,xy       .. text: "i4q%#b64sGEteFTeEte6rT&3T$1C" 
-user@VM:/mnt/c/Users/didier/Documents/HTB/Stego/VERT/Widescreen$ 
-</code> 
- 
-Toujours rien. 
- 
-==== 6e test : StegSolve ==== 
- 
-StegSolve est une jvm ("StegSolve 1.3 by Caseum"; fichier .jar). 
- 
-Ouvrir le fichier puis cliquer sur la flèche de droite un certain nombre de fois. 
- 
-En mode "Red Plane 1" on a le password qui apparait clairement : "HTB{c3r34l_k1ll3r}". 
- 
- 
-Banco 8-) 
- 
- 
-===== FLAG ===== 
- 
-''HTB{c3r34l_k1ll3r}'' 
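
Review bot: in the "3e test : steghide" block the recorded command is `steghide extract -sf` with no file after `-sf`, while the error line beneath it names "widescreen.png", so the transcript does not match what was run; the full command line should be recorded. In "6e test : StegSolve" the text gives the result ("Red Plane 1") but not the reason the earlier steps missed it: the zsteg red-channel lines above print only noise, and a sentence explaining that StegSolve displays one bit plane as an image, so the flag is read visually rather than extracted as a byte stream, would let a reader apply the method to another file. The revision summary "removed" also gives no reason for deleting the whole page.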
htb-challenges-stego-widescreen.1561375734.txt.gz · Last modified: 2019/06/24 13:28 by didzkovitchz