Houseplant CTF Write Up Part 1

By Amun-Ra, published in ZH3R0 on Apr 27, 2020 (5 min read)
Houseplant CTF organized by RiceTeaCatPanda CTF Team

This was by far one of the most enjoyable and most informative CTFs that my team ZH3R0 and I have played yet. This part covers the Forensics challenges from HouseplantCTF, organized by the RiceTeaCatPanda CTF team. Hope you learn from this post!

Vacation Pics — Forensics Challenge 1

So weird… I was gonna send two pictures from my vacation but I can only find one… where did the other one go??

Dev: Delphine

Download challenge file — pictures.zip

This was an interesting challenge. As mentioned in the challenge description, it is an image steganography challenge.

So the given pictures.zip file contains a pictures.bmp file. As usual, I opened my terminal and tried steghide on it without a password, but nothing turned up. Then I went through the usual CTF checklist: I tried binwalk, stegsolve and the other usual tools, but nothing of much use turned up.

Going through other CTF write-ups and information on what could possibly be hidden, I came across several leads, but none of them proved useful. I then pinged the admin about what I could be missing, and she hinted at “Digital Invisible Ink Toolkit”. Searching for that term gave me the information I needed to solve the challenge.

Why didn't steghide work?

Steghide is a popular steganography tool. Just like steghide, DIIT (Digital Invisible Ink Toolkit) is a steganography tool, but there is a major difference between the two: they use different algorithms to encode the images, and DIIT is a superior tool to steghide too.
Steghide generally uses the Rijndael algorithm by default. I tried all the other algorithms provided by steghide too, to check whether any of them worked.

To get the different algorithms implemented by steghide enter this command,

$ steghide --encinfo

The output will be,

encryption algorithms:
<algorithm>: <supported modes>…
cast-128: cbc cfb ctr ecb ncfb nofb ofb
gost: cbc cfb ctr ecb ncfb nofb ofb
rijndael-128: cbc cfb ctr ecb ncfb nofb ofb
twofish: cbc cfb ctr ecb ncfb nofb ofb
arcfour: stream
cast-256: cbc cfb ctr ecb ncfb nofb ofb
loki97: cbc cfb ctr ecb ncfb nofb ofb
rijndael-192: cbc cfb ctr ecb ncfb nofb ofb
saferplus: cbc cfb ctr ecb ncfb nofb ofb
wake: stream
des: cbc cfb ctr ecb ncfb nofb ofb
rijndael-256: cbc cfb ctr ecb ncfb nofb ofb
serpent: cbc cfb ctr ecb ncfb nofb ofb
xtea: cbc cfb ctr ecb ncfb nofb ofb
blowfish: cbc cfb ctr ecb ncfb nofb ofb
enigma: stream
rc2: cbc cfb ctr ecb ncfb nofb ofb
tripledes: cbc cfb ctr ecb ncfb nofb ofb

DIIT implements various other algorithms like BattleSteg, Blindhide, HideSeek, FilterFirst, DynamicBattleSteg, DynamicFilterFirst.
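Why an extractor only works when it matches the embedding algorithm, as an added example that is not part of the original write-up: the two embedding orders below are simplified stand-ins (sequential least-significant-bit writes and a seeded pseudo-random order), not steghide's or DIIT's actual algorithms, and the carrier bytes, message and function names are constructed for illustration.

```python
import random

# Simplified illustration only; not DIIT's or steghide's real algorithms.

def to_bits(data: bytes):
    """Yield the bits of data, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1

def from_bits(bits):
    """Pack a list of bits (MSB first) back into bytes."""
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)

def positions(n_pixels: int, n_bits: int, seed=None):
    """Sequential order when seed is None, otherwise a seeded shuffle."""
    order = list(range(n_pixels))
    if seed is not None:
        random.Random(seed).shuffle(order)
    return order[:n_bits]

def embed(pixels: bytes, message: bytes, seed=None) -> bytes:
    """Write each message bit into the LSB of one carrier byte."""
    bits = list(to_bits(message))
    if len(bits) > len(pixels):
        raise ValueError("message too large for carrier")
    stego = bytearray(pixels)
    for pos, bit in zip(positions(len(pixels), len(bits), seed), bits):
        stego[pos] = (stego[pos] & 0xFE) | bit
    return bytes(stego)

def extract(pixels: bytes, n_bytes: int, seed=None) -> bytes:
    """Read n_bytes back using the given embedding order."""
    order = positions(len(pixels), n_bytes * 8, seed)
    return from_bits([pixels[pos] & 1 for pos in order])

# Constructed carrier: 4096 pseudo-random bytes standing in for BMP pixel data.
CARRIER = bytes(random.Random(1).randrange(256) for _ in range(4096))
SECRET = b"constructed-sample-message"

sequential = embed(CARRIER, SECRET)            # top-left-first order
scattered = embed(CARRIER, SECRET, seed=2020)  # seeded pseudo-random order
```

Reading `scattered` in sequential order returns noise even though the payload is intact, which is the same outcome as pointing one tool at a file produced by another.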

Final Solution

Download the tool called DIIT from here and make sure you have Java installed on your system.

After downloading it, go to the folder that contains the .jar file and enter the command,

$ java -jar -Xmx512m diit-1.5.jar

The value after -Xmx sets the maximum Java heap size. In case the tool fails to decode, set it to a size greater than the file size.

After initializing it, you will be met with an interface like this,

DIIT (Digital Invisible Ink Toolkit), a superior steganography tool.

Go to the Decode section, set Get Image to your input image, set the algorithm to BattleSteg, and set Set Message to the output file name.

DIIT decode how to

Press Go and wait for it to complete, then go to the folder you selected to find the output image. Open it and there you go! Successfully retrieved the flag.

flag of the challenge

Flag — rtcp{stay_home}

Deep Lyrics — Forensics Challenge 2

Yay, more music!

Dev: Delphine

Download challenge file — more-music.wav

This challenge was very obvious to solve. For those who didn't get it yet, the title of the challenge is a big hint as to how to solve it.

Looking at the title, I immediately knew what I should do. For those who don't know it yet, this challenge is expected to be solved with a tool called DeepSound, which was popularly shown and used in the hacking series Mr. Robot (I loved that series).

DeepSound is a popular steganography tool used to hide data inside audio tracks as well as to decode it. So the solution was obvious: download it and decode the file.

Solution

Download DeepSound from here and install it on Windows (not sure if it works on Linux). Open it and you will be met with this interface,

Click on Open carrier files and select your audio file and extract.

extracted file called — notsorry.txt

Opening the extracted file gives you the flag,

Flag — rtcp{got_youuuuuu}

That’s it for this part. In the next part I will be talking about the cryptography challenges I solved. Check out my teammates' write-ups for other challenges below,

Visit our team's blog, Team ZH3R0.

Feel free to contact me through,

  • Discord — @Amun-Ra#3245
  • Instagram — @Amun_rha
