Shulou(Shulou.com)06/01 Report--

In order to solve the problem of steganography and cryptography coding in CTF, this article introduces the corresponding analysis and solution in detail, hoping to help more partners who want to solve this problem to find a more simple and feasible method.

I. CTF type

1 、 web

Sql injection, XSS, file upload, including vulnerabilities, XXE, SSRF, command execution, code audit, etc.

2. Problem solving (Pwn)

Attack the services of a remote server

Provide the binaries of the service program

Analyze vulnerabilities and write exp

Stack overflow, heap overflow

Bypass the protection mechanism

3. Reverse (Reverse)

Crack the algorithm of the program to get the flag in the program

Fight against anti-debugging and code confusion

4. Mobile Security (Mobile)

App cracking of Android and IOS

5. Miscellaneous (Misc)

Forensics, coding and decoding, encryption and decryption, steganography, picture processing, compression package, programming, etc.

Second, learning strategy

1. Basic computer

Operating system, network technology, programming

2. Web application

HTTP protocol, web development framework, web security testing

3. Database

Basic operation of database

SQL statement

Database optimization

4. Doing exercises

III. Steganography

Hide information in other carriers to keep information from unplanned recipients, common carriers: pictures, audio, video, compression packages

1. Picture steganography

Subtle color differences, the tool used: stegsolve

The GIF diagram is hidden in many frames, hidden in the dynamic map, flash by, it is difficult to see with the naked eye, the tools used: stegsolve, Namo GIF, Phtoshop

Exif information hiding, online tool: https://exif.tuchong.com/

Picture repair, modify header information

2. Audio steganography

The information is hidden in the sound (in reverse order)

The information is hidden in the data (analyzing audio data)

Tools used: MP3stego, Auditon, Matlab

3. Video steganography

Hidden in one or more frames of the video

Tools used: Premiere, sound and shadow

4. File steganography

File stitching (copy / b 1.jpg+1.zip 2.jpg)

Tools used: binwalk, dd, winhex

IV. Cryptographic coding

1. Symmetric encryption algorithm, the key of encryption and decryption is the same. For example, DES, 3DES, AES, etc., which can be decrypted with online tools.

2. Asymmetric encryption algorithm, encrypting with public key and decrypting with private key, such as RSA, etc.

3. Bacon password: a password made up of an and b

4. Other common encryption:

5. Coding and summary

1. Encryption: encrypt the transmitted information to ensure the security of the information. The original information can be restored through key and ciphertext.

2. Coding: convert the data into a fixed format of encoded information to facilitate transmission between different systems. By decoding the encoded information, you can get the original information, common coding: ASCII,Base64,URL coding, HTML coding, Unicode, UTF-8, Morse code, QR code.

3. Hash: also called digest or hash, verifies the integrity of the information, and cannot restore the original information through the hash value

This is the answer to the question about steganography and cryptography coding in the foundation of CTF. I hope the above content can be of some help to you. If you still have a lot of doubts to be solved, you can follow the industry information channel to learn more about it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.