Suninatas Game 13

Posted on Edited on In Views: Disqus:

challenges

Game 13

Challenge: Forensics - Steganography in ZIP and images

Hint: The programmer’s bad habit of backing up source code

Step 1: Find and Download ZIP

The hint suggests looking for a backup file:

1
http://suninatas.com/challenge/web13/web13.zip

Step 2: Extract ZIP File

The ZIP is password-protected. Try extracting:

1
7z x web13.zip

Output:

1
2
3
4
5
ERROR: Wrong password : whitehack1.jpg
ERROR: Wrong password : whitehack2.jpg
ERROR: Wrong password : whitehack3.jpg
ERROR: Wrong password : whitehack4.jpg
ERROR: Wrong password : 4ڸ.txt

Note: Set locale to Korean if needed. Use unar instead for automatic handling:

1
unar web13.zip

Output reveals: 압축비번은4자리정수 (The compression password is a 4-digit integer)

Step 3: Brute Force Password

Use John the Ripper with a 4-digit wordlist:

1
2
zip2john web13.zip > hash.txt
john hash.txt --wordlist=~/ctf/tool/dic/SecLists/Fuzzing/4-digits-0000-9999.txt

Result: 7642 is the password

Step 4: Extract Files

After extracting with password 7642:

1
unar web13.zip

Open the text file with encoding EUC-KR.

Content: Combine the four images to find the key.

Step 5: Extract Data from Images

Use hex dump to find hidden data in each image:

whitehack1.jpg:

1
xxd whitehack1.jpg | head -20

Contains: first key : 3nda192n

whitehack2.jpg:

1
xxd whitehack2.jpg | head -20

Contains: second key : 84ed1cae

whitehack3.jpg:

1
xxd whitehack3.jpg | head -20

Contains: third key: 8abg9295

whitehack4.jpg:

1
xxd whitehack4.jpg | head -20

Contains: fourth key : cf9eda4d

Step 6: Combine Keys

Concatenate all four keys in order:

3nda192n + 84ed1cae + 8abg9295 + cf9eda4d

3nda192n84ed1cae8abg9295cf9eda4d