Massacre - Hack The Box Challenge
This is the image:
This is one of the two most difficult stego challenges on this website, and with good reason.
For this challenge we will need a script; in my case, a Python script.
After doing long, long research, I realized that some subpixels of each pixel (RGB value) don't end with 0, so …
1. The script skips the irrelevant RGB values (all-zero pixels):
    for rgb in pixels:  # Skipping zero RGBs
        if rgb != (0, 0, 0):
            nozero.append(rgb)
2. It processes only the pixels where at least one channel value doesn't end with 0:
    for i in nozero:
        if i[0] % 10 != 0 or i[1] % 10 != 0 or i[2] % 10 != 0:  # Some numbers don't end with 0, so we want those
3. Then it extracts the LSBs (least significant bits) of the last digit of each channel (2 from R, 3 from G, 3 from B), joins them into one 8-bit binary number, and finally gets the ASCII character represented by that binary number converted to decimal:
    r = '{:08b}'.format(i[R] % 10)[6:8]  # Last digit (value modulo 10) as 8-bit binary; keep the last 2 bits
    g = '{:08b}'.format(i[G] % 10)[5:8]  # Same, keeping the last 3 bits
    b = '{:08b}'.format(i[B] % 10)[5:8]  # Same, keeping the last 3 bits
    bits = r + g + b  # 2 + 3 + 3 bits form one 8-bit binary number
    ch = chr(int(bits[:8], 2))  # ASCII char from the 8-bit number converted to decimal
    message = message + ch  # Appends each char to the message
4. Then the flag is searched for in the message formed by all the characters:
    regex = re.compile("(HTB{.*})")  # Creating the pattern to find the flag inside the message
    found = regex.search(message)  # Searching for that regex in the message
Finally, if everything went OK, we'll get the flag.
The script takes very little time to run, thanks to the filters and optimizations that were implemented.
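The decoding steps above as an added example (not part of the original write-up or the challenge): it packs a constructed string into pixels the way the extraction implies and reads it back with bit masks instead of string slices. The embedding side, the function names and the sample pixels are assumptions; only the extraction logic comes from the script.

```python
# Added example: round trip of the digit-packing scheme the decoder implies.
import re

def embed_byte(cover, byte):
    """ASSUMED embedder: last decimal digits carry 2 (R), 3 (G), 3 (B) bits."""
    fields = ((byte >> 6) & 0b11, (byte >> 3) & 0b111, byte & 0b111)
    # Cap the tens base at 240 so base + digit (at most 7) stays <= 255.
    return tuple(min(v - v % 10, 240) + d for v, d in zip(cover, fields))

def extract(pixels):
    """Write-up's extraction, using bit masks instead of string slices."""
    chars = []
    for r, g, b in pixels:
        dr, dg, db = r % 10, g % 10, b % 10
        if dr == 0 and dg == 0 and db == 0:
            continue  # filler pixel, (0, 0, 0) included: carries no data
        chars.append(chr(((dr & 0b11) << 6) | ((dg & 0b111) << 3) | (db & 0b111)))
    return "".join(chars)

def build_demo(secret):
    """Constructed pixel list (not data from massacre.png) hiding `secret`."""
    covers = [(120, 80, 250), (30, 255, 10), (200, 140, 60)]
    pixels = []
    for n, ch in enumerate(secret):
        if ord(ch) == 0 or ord(ch) > 255:
            raise ValueError("NUL would look like filler; only 1..255 fit")
        pixels.append((0, 0, 0))        # black filler
        pixels.append((90, 10, 250))    # non-black filler, digits all 0
        pixels.append(embed_byte(covers[n % len(covers)], ord(ch)))
    return pixels

def find_flag(message):
    """Return the first HTB{...} token, or None."""
    found = re.search(r"HTB\{.*?\}", message)
    return found.group(0) if found else None

if __name__ == "__main__":
    demo = build_demo("noise HTB{constructed_flag} noise")
    print(find_flag(extract(demo)))
```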
Autopwn
#!/usr/bin/env python3
import re
import sys

from PIL import Image

R, G, B = 0, 1, 2  # Channel indexes inside each pixel tuple
img_name = 'massacre.png'

try:
    img = Image.open(img_name)  # Return an Image object
except OSError:  # File missing or not a readable image
    print('Put massacre.png file on this directory')
    sys.exit(1)

pixels = list(img.getdata())  # Gets the image's data
nozero = []

print("Extracting non zero pixels...")
for rgb in pixels:  # Skipping zero RGBs
    if rgb != (0, 0, 0):
        nozero.append(rgb)

message = ""
print("Getting the message...")
# Getting the last digit from the RGB tuples
for i in nozero:
    if i[R] % 10 != 0 or i[G] % 10 != 0 or i[B] % 10 != 0:  # Some numbers don't end with 0, so we want those
        r = '{:08b}'.format(i[R] % 10)[6:8]  # Last digit (value modulo 10) as 8-bit binary; keep the last 2 bits
        g = '{:08b}'.format(i[G] % 10)[5:8]  # Same, keeping the last 3 bits
        b = '{:08b}'.format(i[B] % 10)[5:8]  # Same, keeping the last 3 bits
        bits = r + g + b  # 2 + 3 + 3 bits form one 8-bit binary number
        ch = chr(int(bits[:8], 2))  # ASCII char from the 8-bit number converted to decimal
        message = message + ch  # Appends each char to the message

print("Looking for the flag...")
regex = re.compile("(HTB{.*})")  # Creating the pattern to find the flag inside the message
found = regex.search(message)  # Searching for that regex in the message
if found:
    print(found.group(1))  # Shows the match
    sys.exit(0)
else:
    print("Nothing works")
    sys.exit(1)
Byee