====== HTB ~~ Stego Challenges ~~ Widescreen [owned] ======

===== Overview =====

Type: ''Easy''\\
Owned: ''Yes'' 8-)\\
Retired: ''Yes''\\
Added: ''2017-07-26''

Someone has leaked pictures of our unreleased movie. Can you help identify him?

1 file:
  * ''widescreen.png''

===== Solution =====

==== Test 1: binwalk ====

<code>
user@VM:/mnt/c/Users/didier/Documents/HTB/Stego/VERT/Widescreen$ binwalk -e widescreen.png

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             PNG image, 628 x 281, 8-bit/color RGB, non-interlaced
85            0x55            Zlib compressed data, best compression
2757          0xAC5           Zlib compressed data, best compression
</code>

Nothing conclusive here at first glance.

==== Test 2: hexdump ====

Nothing visible there either.

==== Test 3: steghide ====

<code>
steghide extract -sf
steghide: the file format of the file "widescreen.png" is not supported.
</code>

==== Test 4: pngcheck ====

<code>
user@VM:/mnt/c/Users/didier/Documents/HTB/Stego/VERT/Widescreen$ pngcheck -vt widescreen.png
File: widescreen.png (194272 bytes)
  chunk IHDR at offset 0x0000c, length 13
    628 x 281 image, 24-bit RGB, non-interlaced
  chunk pHYs at offset 0x00025, length 9: 2835x2835 pixels/meter (72 dpi)
  chunk iCCP at offset 0x0003a, length 2639
    profile name = Photoshop ICC profile, compression method = 0 (deflate)
    compressed profile = 2616 bytes
  chunk cHRM at offset 0x00a95, length 32
    White x = 0.31269 y = 0.32899, Red x = 0.63999 y = 0.33001
    Green x = 0.3 y = 0.6, Blue x = 0.15 y = 0.05999
  chunk IDAT at offset 0x00ac1, length 191499
    zlib: deflated, 32K window, maximum compression
  chunk IEND at offset 0x2f6d8, length 0
No errors detected in widescreen.png (6 chunks, 63.3% compression).
</code>

Still nothing.
==== Test 5: zsteg ====

<code>
user@VM:/mnt/c/Users/didier/Documents/HTB/Stego/VERT/Widescreen$ zsteg widescreen.png
/usr/lib/ruby/2.5.0/open3.rb:199: warning: Insecure world writable dir /mnt/c in PATH, mode 040777
imagedata           .. file: VAX-order 68K Blit (standalone) executable
b1,r,lsb,xy         .. text: "'_PtlO6\\"
b1,r,msb,xy         .. text: "95wLHNt c"
b2,r,msb,xy         .. file: PGP\011Secret Sub-key -
b3,b,lsb,xy         .. text: "VRnI$i4I$"
b3,bgr,lsb,xy       .. text: " L6al(^ur"
b4,r,lsb,xy         .. text: "ufwuUut4332!#2"
b4,g,lsb,xy         .. text: "eC3EUB%TEeUVeVB3DVfVeeDDEW"
b4,b,lsb,xy         .. text: "24T35TE1\"3DDD2#!"
b4,rgb,lsb,xy       .. text: "gVuGTt5!R"
b4,bgr,lsb,xy       .. text: "i4q%#b64sGEteFTeEte6rT&3T$1C"
user@VM:/mnt/c/Users/didier/Documents/HTB/Stego/VERT/Widescreen$
</code>

Still nothing.

==== Test 6: StegSolve ====

StegSolve is a Java application ("StegSolve 1.3 by Caseum"; a .jar file). Open the file, then click the right arrow a number of times. In "Red plane 1" mode the password appears clearly: "HTB{c3r34l_k1ll3r}".

Bingo 8-)

===== FLAG =====

''HTB{c3r34l_k1ll3r}''

{{tag> HackTheBox Hacking Steganography png Stegsolve owned }}
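What StegSolve's "Red plane 1" view displays can be reproduced without the GUI. The following is an added example, not part of the original write-up: a standard-library-only decoder for the PNG type reported by pngcheck above (8-bit RGB, non-interlaced) that renders a single bit of a single colour channel. It assumes StegSolve's plane number is the bit index, with 0 as the least significant bit; ''decode_rgb8'', ''bit_plane'', ''make_png'' and the sample image are names and data constructed for this illustration.

```python
import struct
import zlib

SIG = b"\x89PNG\r\n\x1a\n"

def decode_rgb8(png):
    """Decode an 8-bit RGB, non-interlaced PNG into a list of raw RGB rows."""
    if png[:8] != SIG:
        raise ValueError("not a PNG")
    pos, idat, width, ctype = 8, b"", 0, b""
    while ctype != b"IEND":
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        data = png[pos + 8:pos + 8 + length]
        if ctype == b"IHDR":
            width, _, depth, color, _, _, lace = struct.unpack(">IIBBBBB", data)
            if (depth, color, lace) != (8, 2, 0):
                raise ValueError("only 8-bit RGB, non-interlaced is handled")
        elif ctype == b"IDAT":
            idat += data                       # all IDAT chunks form one zlib stream
        pos += 12 + length                     # length + type + data + CRC
    raw, stride = zlib.decompress(idat), width * 3
    rows, prev = [], bytearray(stride)
    for off in range(0, len(raw), stride + 1):
        ftype, line = raw[off], bytearray(raw[off + 1:off + 1 + stride])
        for i in range(stride):                # undo the per-scanline filter
            a = line[i - 3] if i >= 3 else 0   # left neighbour (already decoded)
            b, c = prev[i], (prev[i - 3] if i >= 3 else 0)   # up, upper-left
            paeth = min((a, b, c), key=lambda v: abs(a + b - c - v))
            line[i] = (line[i] + (0, a, b, (a + b) // 2, paeth)[ftype]) & 0xFF
        rows.append(line)
        prev = line
    return rows

def bit_plane(rows, channel, bit):
    """One bit of one channel (0=R, 1=G, 2=B) per pixel, as '#' (1) or '.' (0)."""
    return ["".join(".#"[(r[x + channel] >> bit) & 1] for x in range(0, len(r), 3)) for r in rows]

def make_png(width, scanlines):
    """Build a PNG from scanlines that already carry their leading filter byte."""
    def chunk(ctype, data):
        return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data))
    ihdr = chunk(b"IHDR", struct.pack(">IIBBBBB", width, len(scanlines), 8, 2, 0, 0, 0))
    return SIG + ihdr + chunk(b"IDAT", zlib.compress(b"".join(scanlines))) + chunk(b"IEND", b"")

# Constructed sample, not the challenge file: grey pixels with an "H" in red bit 1.
GLYPH = ["#...#", "#...#", "#####", "#...#", "#...#"]
SAMPLE = make_png(5, [b"\x00" + b"".join(bytes([0x80 | (c == "#") << 1, 0x80, 0x80]) for c in row)
                      for row in GLYPH])
print("\n".join(bit_plane(decode_rgb8(SAMPLE), 0, 1)))   # red plane 1
```

To inspect a real file, pass its bytes to ''decode_rgb8'' and print ''bit_plane(rows, 0, 1)''; sweeping ''bit'' from 0 to 7 over each channel mirrors clicking through StegSolve's colour planes.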