Snowystego

Censored

We are given a wordlist, judging by the challenge title, they are probably refering to stegsnow, a whitespace stego tool

With the wordlist we are given, we are supposed to run it agaisnt a img file but since we are not given one, we can assume the wordlist is also the target

The idea is simple, stegsnow requires a password to decrypt, see Stegsnow manual and we can also assume that from the wordlist we got

Problem, stegsnow does not support wordlists, meaning we need to write our own bruteforce script, i’ve chosen to write it in bash as that is the quickest i can come up with

#!/bin/bash

chall=$(cat ./chall.txt)

for i in $chall; do
        echo -e "=== Password: $i ===\n"
        stegsnow -C -p $i chall.txt
        echo -e "\n"
done

Run with bash brute.sh | tee output.txt

After that search for the flag with cat output.txt | grep idek

FLAG idek{st3gsn0w_1s_n34t}
Home  |  /writeups/idekctf-2021/forensics/ Hugo theme modified from Yukuro's