Writeups for CTF and OSCP Boxes
  • CTF
    • Firebird - PHP Deserialization
    • Firebird - Escape Again
    • Firebird - Secret Code
    • Firebird - M$Office Meta Reader
    • Firebird - Office Meta Reader 2
  • HackTheBox
    • Shocker
    • Optimum
    • Devel
    • Beep
  • VulnHub
Powered by GitBook
On this page
  • Wireshark Extract Bmp
  • XOR Brute Force
  1. CTF

Firebird - Secret Code

PreviousFirebird - Escape AgainNextFirebird - M$Office Meta Reader

Last updated 2 years ago

Wireshark Extract Bmp

Wireshark: File -> Export Objects: HTTP -> Save as bmp --> can't open!

file and exiftool shows not bmp format or format error. Checked lecture notes and found maybe it's XOR encrypted

XOR Brute Force

Cyberchef XOR with key = "Romantic 5" -> no result *Note this is the password for agent HTTP login in pcap

Because BMP image has a header starting with "BM", try brute force with known crib "bm" Two possible keys: df and ff

Got the image!

  • stegano-red

    • stegano-red reveal -i secret_mission_xor_decrypted.bmp

    • not working

  • crypto algorithms?

    • maybe encrypted stegseek result?

zsteg -a secret_mission_xor_decrypted.bmp > zsteg_all_output.txt b6,rgb,lsb,yx,prime .. file: PGP symmetric key encrypted data - Blowfish (128 bit key, 16 rounds)

Attack script