Stego Troll
Scenario:
The flag for this stego challenge is in this description!!
Process:
Start off by copying the challenge to a text document.
We will notice that the formatting is off when we paste it into notepad.
Also, we will notice that for such a short sentence the file takes up quite a bit of room on disk.
Next, if we output the file to hex, we can see some interesting things.
Get-Content and Format-Hex to look at the data
We can also drop this into CyberChef to see the unique output
Non-Printable characters:
There are 8 non-printable characters that could be used, but luckily we can see that the same one was used throughout.
Hex of 80 8B E2
Unicode of U+200C
List of all 8 Non Printable Characters
Going back to CyberChef to see how we can find anything, we see that the runs of non-printable characters are broken up by printable characters.
How many Non-Printable Characters (NPCs) [not Non-Player Characters] are there between printable characters?
We get a length of 102, what does that mean? How does that help us?
The length of 102 is the ASCII decimal code for f, which is the first letter of our flag!
You can do this a couple of ways:
By hand, translating all the characters… (time consuming)
One-liner script (fast and to the point)
Scripting (repeatable)
For this we will focus on a script we can reuse.
The following code shows how we can “count” the NPCs
As you can see we can split on hex:e2 or decimal:226
80 and 8b also follow along and you could split on those as well.
Walking through the script:
The script will do the following:
Translate each character into a decimal value
Match the three NPC bytes; when a byte doesn’t match, take our count and add it to the array, since the run breaks on an ASCII character
Increment for each NPC; we only need one of the three NPC bytes, and I chose the first.
Add the count to our array
Reset the count to start over
Print out, convert each count to ASCII and save it to our nice output
Print the variable and join them together into one single line
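The walkthrough above as a reusable Python sketch. This is an added example, not the author's original script: the function names are hypothetical, and the sample input is constructed here rather than taken from the challenge. It counts only the first NPC byte (hex e2, decimal 226), as the steps describe, and treats any ASCII byte as the end of a run.

```python
NPC_LEAD = 0xE2  # decimal 226, the byte the walkthrough splits on


def count_runs(data: bytes) -> list:
    """Number of NPCs found between consecutive printable (ASCII) bytes."""
    runs, count = [], 0
    for b in data:
        if b == NPC_LEAD:
            count += 1            # one lead byte per NPC; 0x80 / 0x8B are skipped
        elif b < 0x80:            # ASCII byte: the current run (if any) ends here
            if count:
                runs.append(count)
            count = 0             # reset the count to start over
    if count:                     # run at end of file with no printable after it
        runs.append(count)
    return runs


def decode(data: bytes) -> str:
    """Convert each run length to its ASCII character and join into one line."""
    return "".join(chr(n) for n in count_runs(data))


def build_sample(cover: str, secret: str, npc: bytes = b"\xe2\x80\x8b") -> bytes:
    """Constructed input: after each cover character, hide one secret
    character as a run of ord(char) NPCs (same scheme the write-up decodes)."""
    out = bytearray()
    for i, ch in enumerate(cover):
        out += ch.encode("ascii")
        if i < len(secret):
            out += npc * ord(secret[i])
    return bytes(out)


if __name__ == "__main__":
    cover = "The flag is in here"             # constructed cover text
    sample = build_sample(cover, "f{ok}")     # constructed secret, not the real flag
    print(len(cover), "visible characters,", len(sample), "bytes on disk")
    print(count_runs(sample))
    print(decode(sample))
```

To run it against the real challenge, read the saved text file in binary mode and pass the bytes to `decode`.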