[CTF learning] steganography set in CTF -- picture steganography
2022-07-25 04:32:00 【_ PowerShell】
Blogger introduction: Hello everyone, I am _PowerShell. I'm pleased to meet you.
The main fields of study are: penetration testing, data communication, communication security, web security, interview analysis
The author's level is limited; you are welcome to point out mistakes so we can learn from each other and make progress!
Contents
1. Get pictures with hidden files
2. Retrieve other files hidden in the picture file
3. Separate other files hidden in the picture file
1. Separate other hidden files with the Foremost tool
2. Change the suffix to zip, then extract other hidden files
Introduction to LSB steganography
III. Missing file format & GIF steganography
Repair the picture in 010editor
Find the hidden information with Namo_GIF_gr or Stegsolve
I. Image + ZIP
1. Get pictures with hidden files
The image + ZIP type works like this: first pack what you want to hide into a zip archive, then combine the archive with a normal picture to hide the information.
Here I have prepared zip.zip and the picture 111000.png. The content inside zip.zip is zip.png.


Then enter in the Windows command window: copy /b 111000.png + zip.zip output.png

This produces a picture file named output.png, which can be opened normally.

2. Retrieve other files hidden in the picture file
The binwalk tool can easily find other files hidden in an image file by searching for matching file headers. Taking this picture as an example, in Kali Linux type binwalk on the command line, then drag output.png into the terminal window and press Enter to run it.
Or enter directly: binwalk 'path of the file to inspect'

3. Separate other files hidden in the picture file
The foremost tool under Linux can separate the zip file hidden in output.png. In Kali Linux type foremost on the command line, then drag output.png into the terminal window and press Enter to separate. The default output folder is output, and the separated zip can be found in that folder.
1. Separate other hidden files with the Foremost tool
Foremost was not found, but it can be installed: y

Once installation is complete, enter directly: foremost 'path of the file to separate'

The output folder is generated automatically

Drag it onto the Windows desktop to look at the content



Successfully separated
2. Change the suffix to zip, then decompress to separate other hidden files
Of course, there is also a simpler and cruder way: directly change the suffix of the picture to .zip, then decompress it (this method is simple and fast, but it may fail if multiple files are hidden).
First change the suffix of the output picture to zip to obtain the file output.zip



Then decompress it to get the content of our archive zip.zip, which is zip.png


Successfully separated.
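Why both methods work, as an added example (not code from the original post): a PNG ends at its IEND chunk, so anything after it is ignored by image viewers, while ZIP readers locate the archive from the end of the file. The sketch below rebuilds the `copy /b` result in memory and extracts whatever follows IEND; the cover image, payload text and function names are constructed for illustration.

```python
import io
import struct
import zipfile
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def _chunk(ctype, data):
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def make_png():
    """Constructed 1x1 grayscale PNG used as the cover image."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")

def make_zip(name, content):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, content)
    return buf.getvalue()

def png_end_offset(blob):
    """Walk the chunk list and return the offset just past IEND."""
    if not blob.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 8 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        pos += 12 + length  # length field + type + data + CRC
        if ctype == b"IEND":
            return pos
    raise ValueError("IEND chunk not found")

def extract_appended_zip(blob):
    """Return {name: bytes} for a ZIP appended after the PNG, or {} if none."""
    trailer = blob[png_end_offset(blob):]
    if not trailer.startswith(b"PK\x03\x04"):
        return {}
    with zipfile.ZipFile(io.BytesIO(trailer)) as zf:
        return {n: zf.read(n) for n in zf.namelist()}

# Same layout as `copy /b 111000.png + zip.zip output.png`, built in memory.
cover = make_png()
output_png = cover + make_zip("zip.png", b"constructed hidden payload")
hidden = extract_appended_zip(output_png)
```

A file whose size is larger than `png_end_offset()` reports is the same signal binwalk surfaces when it lists a ZIP header at a non-zero offset.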
II. LSB steganography
Introduction to LSB steganography
LSB steganography is least significant bit (Least Significant Bit) steganography.
The pixels in a picture are generally composed of three colors, the three primary colors, which can be combined to form other colors. For example, in PNG picture storage each color has 8 bits; LSB steganography modifies the lowest 1 bit of the pixel values to write the encrypted information, and the human eye cannot notice the change before and after.
Example
Picture links :
https://pan.baidu.com/s/1aQaZj0UH2Xk_rGiYWf6lzg?pwd=30e2
This picture looks like it contains only six green pig heads, but it also contains a hidden QR code. We can open the picture with the Stegsolve.jar tool.
Stegsolve.jar tool download address:
https://download.csdn.net/download/qq_51577576/86246245

Then switch to Gray bits, and the QR code hidden in the channel appears in the upper left corner. Scan the QR code to get the flag.
CSDN does not seem to allow posting this QR code image, so the picture is deleted here.
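What a bit-plane view such as the one in Stegsolve is doing, as an added example (not code from the original post): it takes one bit of one color channel from every pixel and displays it as a black-and-white image. The sketch works on a constructed 8x8 list of (R, G, B) tuples rather than a real PNG; the cover pixels, the message and all function names are assumptions made for illustration.

```python
def bytes_to_bits(data):
    """MSB-first bit list for a byte string."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]

def bits_to_bytes(bits):
    usable = len(bits) - len(bits) % 8
    return bytes(
        sum(bit << (7 - j) for j, bit in enumerate(bits[i:i + 8]))
        for i in range(0, usable, 8)
    )

def embed_lsb(pixels, bits, channel):
    """Copy of pixels with bits written into the lowest bit of one channel."""
    out = []
    for i, px in enumerate(pixels):
        px = list(px)
        if i < len(bits):
            px[channel] = (px[channel] & 0xFE) | bits[i]
        out.append(tuple(px))
    return out

def bit_plane(pixels, channel, bit=0):
    """One bit of one channel for every pixel, in row-major order."""
    return [(px[channel] >> bit) & 1 for px in pixels]

def render_plane(plane, width):
    """Text rendering of a bit plane, one string per image row."""
    rows = [plane[i:i + width] for i in range(0, len(plane), width)]
    return ["".join("#" if b else "." for b in row) for row in rows]

def max_channel_delta(a, b):
    """Largest per-channel difference between two pixel lists."""
    return max(abs(x - y) for pa, pb in zip(a, b) for x, y in zip(pa, pb))

# Constructed 8x8 cover: green pixels with slight variation, as (R, G, B).
WIDTH = 8
GREEN = 1
cover = [(30, 200 + (i * 7) % 11, 40) for i in range(WIDTH * WIDTH)]
secret = b"flag"  # constructed sample message, 32 bits
stego = embed_lsb(cover, bytes_to_bits(secret), GREEN)

recovered = bits_to_bytes(bit_plane(stego, GREEN)[:len(secret) * 8])
rows = render_plane(bit_plane(stego, GREEN), WIDTH)
```

`max_channel_delta(cover, stego)` never exceeds 1, which is why the change is invisible in the normal view and only shows up when the lowest bit plane is rendered on its own.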

III. Missing file format & GIF steganography
Picture links :
https://download.csdn.net/download/qq_51577576/86246267
https://pan.baidu.com/s/1Mn7k0FYfmw-x5wuZYFbUXw?pwd=h6zh
The following picture is a file named "This is a gif picture.gif". Opening it produces an error.

Repair the picture in 010editor
The picture is originally an unrecognized file. From the file name "This is a gif picture.gif", we guess it is a GIF picture.
The picture cannot be opened directly

Load the picture into 010editor.
010editor tool download address:
https://download.csdn.net/download/qq_51577576/86246276
In CTFs we sometimes need to repair pictures, so it is important for us to understand the file structure of pictures. Look up the GIF file format, then compare the damaged file against it to repair it.

Find a normal GIF picture and drag it into 010editor

We find that the file differs from an ordinary GIF picture: the header is missing something. Comparing the two files shows that GIF8 is missing.
We can open it normally after repairing it manually. (Insert GIF8 and save.)
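The same repair done programmatically, as an added example (not code from the original post): a GIF starts with the 6-byte signature GIF87a or GIF89a, so a file that begins with just "7a" or "9a" has lost its first four bytes. After restoring them, the sketch parses the Logical Screen Descriptor to confirm the result reads as a GIF; the minimal sample file and all function names are constructed for illustration.

```python
import struct

GIF_SIGNATURES = (b"GIF87a", b"GIF89a")

def repair_gif_header(blob):
    """Return blob with the 4-byte 'GIF8' prefix restored if it was stripped."""
    if blob[:6] in GIF_SIGNATURES:
        return blob  # already intact
    if blob[:2] in (b"7a", b"9a"):
        return b"GIF8" + blob
    raise ValueError("header does not look like a GIF with 'GIF8' removed")

def parse_logical_screen(blob):
    """Parse the signature and Logical Screen Descriptor (first 13 bytes)."""
    if len(blob) < 13 or blob[:6] not in GIF_SIGNATURES:
        raise ValueError("not a GIF")
    width, height, packed, bg_index, aspect = struct.unpack("<HHBBB", blob[6:13])
    has_gct = bool(packed & 0x80)  # top bit: global color table present
    return {
        "version": blob[3:6].decode("ascii"),
        "width": width,
        "height": height,
        "global_colors": 2 << (packed & 0x07) if has_gct else 0,
    }

def make_gif():
    """Constructed minimal GIF: header, 2-color palette, trailer, no frames."""
    screen = struct.pack("<HHBBB", 4, 2, 0x80, 0, 0)
    palette = bytes([0, 0, 0, 255, 255, 255])
    return b"GIF89a" + screen + palette + b";"

intact = make_gif()
damaged = intact[4:]  # what the challenge file looks like: 'GIF8' is gone
repaired = repair_gif_header(damaged)
info = parse_logical_screen(repaired)
```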


Find the hidden information with Namo_GIF_gr or Stegsolve
We find a string of digits and letters superimposed on each other, so we need a way to separate them.

For each frame in turn, adjust the 254th color position to a single color and save. You can then see the letters flash in each frame.
Finally, splice them together and Base64-decode the result to obtain the flag.
The GIF gadget Namo_GIF_gr can be used to modify the 254th color position
Namo_GIF_gr tool download address:
https://download.csdn.net/download/qq_51577576/86246260








Get the hidden information
The information from the eight frames combined:
PASSWORDisY2F0Y2hfdGhlX2R5bmFtaWNfZmxhZ19pc19xdW10ZV9zaW1wbGU=
Obviously this is Base64 encoding; decoding it gives catch_the_dynamic_flag_is_qumte_simple
When data is hidden in a carrier, we often need to analyze first where the data is hidden, that is, what is being used as the carrier; then we can further analyze whether it is encrypted or encoded. We need to understand the format of a picture to know what is suspicious and which redundant components can hide information.