Hackerman Stenography Challenge Solution!

Kamran Saifullah

2 min readJun 11, 2019

This is quite a simple challenge but different from others in a way that the steno file was password protected.

I tried running Steghide & Stegosuite directly on the provided image file but nothing was found. In parallel i tried to check whether i can directly extract the data from the image file using steghide.

This confirmed that this file was password protected. On quick googling i found that these types of steno files can be bruteforced. The program which can do this for us can be found on the below link.

Paradoxis/StegCracker

Steganography brute-force utility to uncover hidden data inside files - Paradoxis/StegCracker

github.com

Big shout out to this guy :))

On quickly providing rockyou file we have done with the challenge :))

All we need is to use that password with steghide in order to extract the file.

Let’s see what’s inside the text file.

So the text is base64 encoded. Let’s cat this file again and forward the output to Base64 decoder in Kali Linux.

We have got out flag :))

That’s all for this challenge.

Don’t forget to add claps :))

Thanks for reading :))

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Written by Kamran Saifullah

Malware/RE/Firmware Analysis, App Sec/Off Sec, VAPT, Phishing Simulations/SE | Risk Management, IS Governance, Audits, ISO 27001 LI

Responses (1)

Write a response

What are your thoughts?

Also publish to my profile

Luke Paris

Sep 10, 2019

Nice write-up and thanks for the shoutout :)

Help
Status
About
Careers
Press
Blog
Privacy
Rules
Terms
Text to speech