HackTheBox / Steganography

HackTheBox | Retired Steganography Challenges

. 4 min read . Written by Nautilus
HackTheBox | Retired Steganography Challenges

This post will be updated as I solve, or as more Steganography challenges from HackTheBox. Steganography can be defined as "the practice of concealing messages or information within other nonsecret text or data". I will hide the flag to all of these challenges in hopes that you use this page as a walkthrough and complete them yourself.


For this challenge we are presented with the description: "There should be something hidden inside this photo... Can you find out?" and a single photo:

When I start off with a single image, the first thing i try and do is bruteforce it with stegcracker, and use rockyou.txt as the wordlist:

However, I stopped this cracking because I found something interesting when using "strings" on the image:

strings hackerman.jpg

What I found interesting was the following which looks like an MD5 hash upon first inspection:


By quickly pasting this hash into CrackStation we find that the hash contains the password "almost"

We can also verify this by using John the Ripper:

Now let's try using the password "almost" to extract any data from the image:

Sweet it worked! After viewing the contents of hackerman.txt we're presented with base64 encoded text:

This can quickly be decoded with the following command and output into a new file:

cat hackerman.txt | base64 --decode > decodedbase64.txt


For this challenge we are presented with the description: "Someone has leaked pictures of our unreleased movie. Can you help identify him?" and a single photo:

That black part at the bottom of the photo seems to be a hint that something is hiding there.. Let's open the image in stegsolve to see if we can find anything:

After browsing through a few filters to Red plane 1 we find the flag:


Milkshake is a challenge which I had an easier time completing on a Windows machine. This is because I will be using Sonic Visualizer to examine the file, and find the flag. The challenges description is: "Can you bring all the boys to the yard?"

When listening to the audio file (which is deafening) we find that the beginning loops. Perhaps this is where the flag is hidden? Let's go to layer, and then switch to a spectrogram:

Layer > Add Spectogram > Milkshake: All Channels Mixed

After zooming out a little we can see the flag start to take shape:

Raining Blood

Raining Blood is a little similar to Milkshake but with its own unique twist. We're going back to Linux for this challenge. The description for this challenge is: "Can you find the hidden message?"

Upon unzipping the file we're presented with an audio file:

This challenge is actually pretty simple. After playing around in audacity for awhile I decided to use strings on the file:

strings RainingBlood.mp3

Yikes. What if we only searched for base64? This would mean we narrow our search for "==" - Maybe we'll find a flag inside of the file that way?

strings RainingBlood.mp3 | grep ==

Awesome! Looks like we've found some base64 encoded data. Let's copy it into a file and then decode it:

cat RainingBloodBase64 | base64 --decode > RainingBloodBase64Decoded