Thursday 30 January 2014

Nullcon HackIm 2014 Forensics-4

This challenge made a good steganographer for jpg images.It took 5-6 hours to solve this coz i was stuck with the passwords.

Question :
A suspicious image was found on the desktop. Our investigator suspects something is hidden.

Hint: remove i from it.

tools i used : Stegsolve,Stegdetect,Invisible secrets 4

Extract the image from autopsy which is in desktop.that is nullcon.jpg


Stegsolve will show that RGB splitting you find a eiffel tower image.So now we have the password "eiffel".Ooops look at the hint.It says remove i from it.So the password is "effel".
Now using stegdetect we find that it says invisible[64]***
I found from the documentation of stegdetect that 3 *** means that its 100% sure that it is the mentioned algorithm.Googling for a invisible secrets because stegbreak doesnt solve invisible secrets it only solves jphide,outguess and jsteg-shell.
So i had to use invisible secrets tool.after you enter the password you get a doc file which has the flag

FLAG :02940294029402940294

No comments:

Post a Comment

enter valid comments.Suggestions are most welcome and would be interested in correcting my mistakes.