Misc - Stegwalk - writeup

description

We found these files in storage. We think there might be something more to one of these featuredImages. Good luck!

writeup

Ok so I first downloaded the file ‘StegWalk.zip’

Let’s move it for our convenience.

1

mv ~/Downloads/StegWalk.zip .

I am going to extract the file first

1

unzip StegWalk.zip -d StegWalk

Inside this zip archive are a dozen of .png files …

Most of these featuredImage files just say ‘Nothing’.

But looking at the file sizes of the files I can see that all files have the size 2150 bytes except the file ‘iyav473h.png’ which is 110436 bytes in size.

After opening that particular file I see some sort of ancient map.

1
2
3

file iyav473h.png

iyav473h.png: JPEG featuredImage data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 991x991, components 3

After trying to extract files from the featuredImage using cyberchef I found a zip archive ’extracted_at_0x1adc4.zip'

Inside this zip archive is a folder called ‘secret’

I already had seen that folder while looking at the hexcode of the featuredImage bytes.

Inside of that folder is a file called ‘secret.txt’

Let’s see what is inside there …

1
2
3
4
5
6
7
8
9

cat secret.txt

Nothing here... or is there?                                                
                                                                          
                                                                           
                                                                           
                                                                           
                                                                         
                     

Mh a lot of whitespace.

Chances are high this could be some sort of whitespace steganography or zero width space steganography ….

Let’s try to decode it using stegsnow …

1

stegsnow -C secret.txt output.txt

1
2
3

cat output.txt

RS{st3g0_w4lk_432849}

There is our flag!