Hello guys, today we are gonna be tackling a challenge from Hack The Box called Blackhole. It's in the misc category and contains a little bit of steganography and decoding of ciphers. That being said, let's jump in.
I downloaded the zip file from Hack The Box and extracted its contents using the password hackthebox. This password is provided by Hack The Box, so no need to sweat. We get another Zip archive.
I ran the file command on it and obviously it was Zip archive data, at least v2.0 to extract. I tried to unzip it and luckily it had no password.
I got one file. Again I ran the file command against the file and it turned out to be JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, baseline, precision 8, 794x579, components 3.
I decided to open the image and it turned out to be an image of Stephen Hawking.
Looks like a steganography challenge from here. I ran the strings command on the file and got nothing useful. Also, binwalk showed that no other files were embedded in the image. The only option left was to run steghide.
I ran steghide using the following command:
steghide extract -sf hawking
Then when it asked for the passphrase I used hawking. This was purely a guessing game. If it had not worked, I could then have run stegcracker (a tool used to brute-force image passphrases). But luckily it worked.
Now we get a file called flag.txt. On opening the file, it appears to be base64 encoded.
I decoded it using the command:
base64 -d flag.txt | base64 -d
I base64 decoded the file twice to get a bunch of gibberish and something that looks like a cipher at the end of the file.
But this is not what a Hack The Box flag normally looks like. What came to my mind was that this was a cipher. But which one?
It's really hard to differentiate between ciphers, and for that I use an online tool (I'll leave a link below) that automates the process.
Cipher Identifier (online tool) | Boxentriq
And after analyzing the text it turned out to be a Caesar cipher.
After knowing what cipher it was, it was time to decode it. I recommend this online tool for decoding ciphers. It has really worked for me every time; I'll leave a link below.
Modular conversion, encoding and encryption online
At a -14 shift we get to decode the text to plain English.
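The decode chain above (two base64 layers, then a Caesar shift) can also be reproduced offline. The following is an added example, not part of the original write-up and not how the linked online tools work internally: the sample sentence, the junk bytes and the common-word scoring are all constructed assumptions, and no challenge data is used.

```python
import base64
import string

# Constructed sample, NOT the challenge data or flag.
SAMPLE_PLAIN = "the quick brown fox jumps over the lazy dog near the event horizon"
COMMON_WORDS = {"the", "and", "of", "to", "in", "is", "that", "over", "near"}

def caesar(text, shift):
    """Rotate ASCII letters by `shift`; leave every other character alone."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - 97 + shift) % 26 + 97))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - 65 + shift) % 26 + 65))
        else:
            out.append(ch)
    return "".join(out)

def build_sample():
    """Mimic flag.txt: binary junk, then a +14 Caesar line, base64'd twice."""
    blob = b"\x00\x9f\xe2\x13\x7f\n" + caesar(SAMPLE_PLAIN, 14).encode()
    return base64.b64encode(base64.b64encode(blob))

def last_line_after_base64(data, layers=2):
    """Same as `base64 -d | base64 -d`, then keep the trailing text line."""
    for _ in range(layers):
        data = base64.b64decode(data)
    return data.split(b"\n")[-1].decode("ascii")

def english_score(text):
    """Count common English words; only a crude ranking signal."""
    return sum(word in COMMON_WORDS for word in text.lower().split())

def crack_caesar(ciphertext):
    """Try all 26 shifts and return (shift, plaintext) for the best-scoring one."""
    best = max(range(26), key=lambda s: english_score(caesar(ciphertext, -s)))
    return best, caesar(ciphertext, -best)

if __name__ == "__main__":
    shift, plain = crack_caesar(last_line_after_base64(build_sample()))
    print(f"decoded with shift -{shift}: {plain}")
```

On a real file, pass the bytes of flag.txt to last_line_after_base64 instead of build_sample(); short ciphertexts may need a larger word list before the ranking is reliable.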
Wow, now it's time to get the flag, submit it and increase our rank on the scoreboard.
Boom, we have our flag. Of course I can't show you the whole flag, so that you can reproduce my steps when doing the challenge for yourself rather than copy-pasting the flag. That's it for now guys, till next time, take care.