“Defend the Web” write-up 24 bit

“Defend the Web” write-up (24 bit)

“Defend the Web” write-up (24 bit —file extension manipulation exploit

In this particular example, we are required to extract the login details from the file that is available for us to download.

Let’s start the challenge by downloading the file and try to analyze it.

Double-click on the file and see what’s inside.

Based on the screenshot, it looks like it is some sort of a binary file. There are three sorts of binary files, image, sound, or text. Let’s use one of these methods to read the file. Right-click on the file and open it up with any image editor software. You can also change the extension of the file to “.jpg” and run the file.

Here you go, the username and password are in plain text. Copy and paste them into the login screen to pass the challenge.

In this example, developers used a very weak steganography methodology to hide the text inside the image file. If in any case, you are planning to use this method, we suggest you use a stronger method with at least double or triple encryption techniques implemented.

“Defend the Web” write-up (24 bit)

“Defend the Web” write-up (24 bit —file extension manipulation exploit

Follow Us