AIRBUS | STEG100, STEG42, STEG275

> STEG1 : [Google phishing file ?]

– This challenge was a file named « Google.fr ». First of all, as usual, I used the
‘file’ command from BSD. The file was a tar.gz archive :

$ file Google.fr
Google.fr: gzip compressed data, from Unix
$ mv Google.{fr,gz}
$ gzip -d Google.gz
$ file Google
Google: POSIX tar archive (GNU)
$ tar xvf Google
Google.html
logo11w.png

– Well, at the end, there are two files. Taking a quick look at the .html file
reveals in a comment this :

– So ok, it’s a Google page. Let’s open it in a browser ! I see the following thing :
google_html

« j’aime pas la st3gano »

was not the flag (I have tried, in case…)

But I see someting interesting in the picture. If you look closer, you can see
some black dots. Knowing this, I zoomed in the picture, using the logo in the
archive :
google_blackdot

– Cool, there are black dots, and I saw that their coordonates were in a range
like [50-120], which is perfectly the range of ascii characters 🙂

– I wrote a little python script to extract this dot :

from PIL import Image

im = Image.open("logo11w.png")
w, h = im.size
pix = im.load()
for i in range(w):
    for j in range(h):
        if pix[i, j] == (0, 0, 0, 255):
            print chr(i)+chr(j),

– And executed it :

$ python sploit_logo.py
Ha I_ _S ga no t3 te

I can guess the flag

Pwned \o/
Flag : I_Hate_St3gano

—————————————————————————————————————————-

> STEG2 : [A corporate picture.]

For this challenge, this picture was given : hidden
I used gimp, I obtained this : hidden_unhide

Pwned \o/
Flag : I_am_Hidden

——————————————————————————————————————————————–

> STEG3 : [Exclusive data leak record !]

$ file noise.wav
noise.wav: RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit

– Listen to the sound … Bad idea. I lost my ears.

– Let’s have a look into the hexadecimal (header + beginning of the data) :

RIFFD...WAVEfmt ........D...........data
....}.}.}.}.}.}.....}.}.........}.}.}.}
.....}.}.............}.}.}.}.........}.}
.....}.}.}.}.....................}.}.}.}
.}.}.....}.}.........}.}.}.}.....}.}.}.}
.}.}.}.}.}.}.}.}.....}.}.....}.}.}.}.}.}
.}.}.........}.}.....}.}.}.}.}.}.....}.}
.}.}.}.}.....}.}.....................}.}
.}.}.....}.}.........}.}.}.}.}.}.}.}....
.....}.}.}.}.}.}.}.}.}.}.....}.}.....}.}
.....................}.}.........}.}.}.}
.}.}.....}.}.}.}.....}.}.........}.}.}.}
.}.}.............}.}.}.}.}.}.}.}........
.}.}.....}.}.}.}.....}.}.}.}.}.}.}.}.}.}
.}.}.........}.}.....}.}.....}.}.}.}....
.}.}.}.}.}.}.}.}.}.}.}.}.............}.}

. = 0x00
} = 0x7D

– I removed the header of the .wav file to keep just the data, and I replaced the
0x00 by 0 and 0x7D by 1.

$ showhex_linux noise.wav \
| sed -re 's/(\\x00){4}/0/g;s/\\x00\\x7D\\x00\\x7D/1/g' > noise.bin

– After all, I used python to group 7 by 7 the binary to switch binary to ascii.

f = open("noise.bin").read()
for i in range(0, len(f)):
print chr(int(f[i*7:i*7+7], 2)),

– The output is the following :
N ☃ c e _ J ⎺ b

Some characters are fucked up but I can guess the flag !

Pwned \o/
Flag : Nice_Job

Enjoy !
Notfound (Boris P.)

Publicités

2 réflexions au sujet de « AIRBUS | STEG100, STEG42, STEG275 »

Laisser un commentaire

Entrez vos coordonnées ci-dessous ou cliquez sur une icône pour vous connecter:

Logo WordPress.com

Vous commentez à l'aide de votre compte WordPress.com. Déconnexion / Changer )

Image Twitter

Vous commentez à l'aide de votre compte Twitter. Déconnexion / Changer )

Photo Facebook

Vous commentez à l'aide de votre compte Facebook. Déconnexion / Changer )

Photo Google+

Vous commentez à l'aide de votre compte Google+. Déconnexion / Changer )

Connexion à %s