1. Picture attributes
That's right, the above is a wrong demonstration, I actually don't know how to read the detailed information, I'm too good, hhh.
The following is the correct image attribute view
2. The flag is hidden in bytes, we can find it by searching keywords
Drag the file to winhex and find SL starting with the search text flag
(I found it after searching down several times from the beginning):
Modify the height of the png image
Lovely
lady , hahaha Drag the picture into winhex, change the value of the yellow mark to a larger value, change it to 5 , save it and
get the flag:
Identify the beginning and end of common files, and add, cut or save
JPEG (jpg), File header: FFD8FF File tail: FF D9
PNG (png), File header: 89504E47 File tail: AE 42 60 82
GIF (gif), File header: 47494638 File tail: 00 3B
ZIP Archive (zip), File header: 504B0304 File tail: 50 4B
RAR Archive (rar), File header: 52617221
You can operate in winhex, and you can master it by practicing more questions:
LSB steganography
Need to use tools Stegsolve.jar
with Stegsolve.jar open picture
File Format: file format, this is mainly to see the images specific information
Data Extract: data extraction, the picture hidden data extraction
Steregram Solve: perspective can attempt to control the left and right offset
Frame Browser: Frame browser, mainly to decompose GIF and other moving pictures. The moving pictures are turned into pictures for easy viewing.
Image Combiner: puzzle, picture stitching.
This question is simple as
shown in the figure. Just press the button below to switch
and then I found something hidden in the upper left corner. If you cut back, there will be a few similar phenomena.
Then proceed as follows:
Check the pictures with the above phenomena to get the hidden information
Use outguess tool
I downloaded it in my kali virtual machine. For the specific steps to download kali, please refer to my brother's blog: https://blog.csdn.net/qq_45836474/article/details/104977042 and
enter the following code to download:
1、sudo git clone https://github.com/crorvick/outguess #下载安装包到当前目录
2、sudo ./configure && sudo make && sudo make install #在当前目录下安装
For details on how to use it, please refer to the Big Guy blog: https://blog.csdn.net/xuqi7/article/details/63362839/ The
content is as follows:
Encryption:
outguess -k "my secret key" -d flag.txt demo.jpg out.jpg
After encryption, demo.jpg will overwrite out.jpg.
The content in flag.txt is what is to be hidden.
Decrypt:
outguess -k "my secret key" -r out.jpg hidden.txt
After decryption, the decrypted content is placed in hidden. txt
Use of F5-steganography tool
Enter download in kali
sudo git clone https://github.com/matthewgao/F5-steganography
use:
java Extract 图片的绝对路径/123.jpg -p 密码
Then open the output.txt file to view the flag
Puzzle
ImageMagick tool and gaps tool combined use
The rebuilt virtual machine starts to go to jail.
Download:
#先下载gaps保证不出意外
1、sudo vi /etc/apt/sources.list #添加阿里源
2、sudo apt-get update
3、sudo git clone https://github.com/nemanja-m/gaps.git #下载gaps
4、cd gaps #进入gaps文件夹
5、sudo wget https://bootstrap.pypa.io/get-pip.py #下载pip
6、sudo python3 get-pip.py #可能会因为网速下载失败,重启一下
7、sudo vi /etc/pip.conf #配置pip.conf文件
8、sudo pip install opencv-python==4.2.0.34 #更新opencv-python
9、sudo vi ./requirements.txt #修改requirements.txt文本文件
10、sudo pip install -r requirements.txt
11、sudo apt install python3-tk
12、sudo pip install -e . #结束后gaps就能用了
sudo apt-get install imagemagick #下载imagemagick
Article 1 is amended as follows.
Article 9 is amended as follows:
Article 7 The content of the configuration file is as follows:
Open the black window in the folder and enter:
montage *jpg -tile 10x12 -geometry 200x100+0+0 out.jpg
Get a spliced picture:
use the gaps command:
gaps --image=out.jpg --generations=40 --population=120 --size=100
Use steghide tool
download
sudo apt-get install steghide
Big Brother Blog: http://www.safe6.cn/article/102
View the file information embedded in the picture
steghide info 1.jpg
Extract hidden content in pictures (with password)
steghide extract -sf 1.jpg -p 密码
Hide the 1.txt file into a.jpg
steghide embed -cf a.jpg -ef 1.txt -p 密码
Use binwalk file separation
Kali comes with it, no need to download.
Refer to the big guy blog: https://www.cnblogs.com/jiaxinguoguo/p/7351202.html
sudo binwalk cat.jpg
It is easy to see that there are jpg pictures at 5321 and 5351, and then take him out.
Use the dd command:
sudo dd if=cat.jpg of=cat-1.jpg skip=5321 bs=1
sudo dd if=cat.jpg of=cat-1.jpg skip=5521 bs=1
The first picture The
second picture (it seems that the senior has a deep obsession with ImageMagic, hahahaha)
Use the foremost tool to separate
download:
sudo apt-get install foremost
use:
foremost cat.jpg
I don't know why there is nothing in the folder. . . Maybe my face is dark.
There are still a few tools that have time to connect, be lazy +1