Black as My Coffee

TryHackMe ROOM: https://tryhackme.com/room/ccstego

Steganography(Stego) is the art of concealing something inside something else, for example: A message inside a jpg file, or a binary inside a png . More broadly ,hiding bad things into good things.

This is just a basic room to introduce to various Stego tools . The tools introduced here are :

steghide : Images and Audio(JPEG, BMP, WAV, AU )files are supported as cover file, no restriction on format of secret data.

zsteg : Images (PNG, BMP) are supported as cover file.
exiftool : Exiftool is a tool that allows you to view and edit image metadata.
stegoveritas : Images(JPG, PNG, GIF, TIFF, BMP), it supports just about every image file .
spectograms : Spectrogram stegonography is the art of hiding hidden an image inside in an audio file’s spectogram. So , While dealing with audio file we will try to analyze the spectogram of the audio file.

Many tools may not be present by default in the system, so it’s advisable to install these tools before doing this room. I am using Manjaro and will try to include both “apt” and “pacman” installations command .

Also download the attachment given in the room for doing assignment .

Extract the zip file using

unzip spect.zip

after cd in the extracted directory , on listing we get

Steghide

Debian Install : sudo apt install steghide

Arch Install : sudo pacman -S blackarch , search for steghide and type the corresponding number .

After installation we should do ,man steghide, which shows us basic commands:

There is a hidden message in jpeg1.jpeg and a passphrase is given too , so we need to extract it , after referring to help menu it will take a form of :

steghide extract -sf filename.jpeg -p givenPassphrase

we will get our output file named as “a.txt” by default .

Zsteg

Debian/Arch Install : ruby should be installed in the system , to install “zsteg”, run

gem install zsteg

zsteg is to png’s what steghide is to jpg’s. It supports various techniques to extract any and all data from png files. Detects various LSB stego, also openstego and the camouflage tools. Running following piece of command , we can get the hidden informations :

zsteg filename.png

Exiftool

Debian Install : sudo apt install exiftool

Arch Install : sudo pacman -S perl-image-exiftool

Check out metadata of media files. Run,

exiftool filename.jpeg

Stegoveritas

Debian/Arch Install : pip3 install stegoveritas && stegoveritas_install_deps

can also use Blackarch to install in Arch.

Now , we can run it as

stegoveritas jpeg2.jpeg

we get our hidden message in a file which is in the folder “results”, see for yourself 🙂

Spectograms

We will solve this problem using , GUI tool sonic-visualiser .Which upon opening gives window like this :

Add a file and then click Layer->Add Spectogram . For wav1 file in example it is as follows :

that’s it. We can clearly see the letter “A” hidden ,which was our message here.

TL;DR : Using Steganography(i.e covered writing), we can hide secret message in otherwise not so secret mediums(and that’s where it differs from cryptography, i.e secret writing.)

It was just a basic room , nothing fancy here :))

The Final Exam – Practicing above learnt tools

Connect to the lab using openvpn:

sudo openvpn /path/to/downloads/username.openvpn

doing a “nikto” scan on the IP of the virtual server :

sudo nikto -h IP_of_the_virtual_server

we get the output as follows, you could see a web server is running at port 80:

so , we will type target IP in our browser , as target_IP:80. we get this page

so from this lesson we have 2 tools to deal with jpeg images : steghide & stegoveritas, and 1 tool(exiftool) to get metadata.

we will first try steghide here:

steghide extract -sf exam1.jpeg

But it will prompt us for passphrase(we have no passphrase right now), so we will try to see something in metadata using exiftool:

exiftool exam1.jpeg

we get the passphrase from metadata , running once again through steghide with passphrase flag as(here, I am just showing a placeholder for passphrase):

steghide extract -sf exam1.jpeg -p theNewlyFoundPassphrase

we get the key and after submitting , in next challenge we have to download wav file and load this in sonic-visualizer and apply spectogram layer(click Layer->Add Spectogram) , we get a URL, when we go to the URL , we get an image(PNG) :

we will try zsteg here as:

zsteg exam2.png

voila, we have 2nd key with us , upon submitting it we get to the page

downloading and using zsteg as: zsteg exam3.png ,gives us dead end.

when scanning QR code , scanning return nothing as the image is bad .We will here use stegoveritas , which also has color correction features which may result in a readable QR code:

stegoveritas exam3.png

we can see stegoveritas has created a folder “results” in which there are many versions of “exam3.png” generated , upon scanning any of these QR code having a high contrast we will get the key .

“Boredom inspired me with fear but not with disgust, because it has something frank and essential about it. Sadism on the contrary, was repugnant to me, especially on account of its hypocrisy(the sadist always claim that he is punishing his victim whereas actually he is seeking enjoyment through the suffering he inflicts under the pretext of punishment) and also on account of excitement it brought me .”
– Alberto Moravia, Boredom

This was my first experience with Moravia. I read this book in February and after going over it once more , I decided to write a review about it. I found the copy of this book in public library and was intrigued by the “amusing” title and intriguing cover art.

Dino , our protagonist is spoiled son of a rich mother , who loathes his mother because she is rich but at the same time he takes all his expenses from his mother. He has rented a studio away from his mother’s house for painting. His profession is of painter but it’s clear from beginning that he has already became bored of that too.

As we go through the first few pages of the book , Dino explains his meaning of boredom in a very graphic sense. According to his definition , “Boredom is not the opposite of amusement and it often resembles amusement in many aspects. Boredom is a kind of insufficiency or a lack of reality which resembles alienation in some way”.

After the death of the painter in his neighbouring studio , he come in acquaintance with his young lover, Cecilia. She seems intellectually far inferior to Dino and from there starts a series of sexual affair between them. Dino gives money and various gifts in exchange and wants to have a full control of this younger female. At first he treats her as a mere object but then starts to ask Cecilia some intellectual questions about her thoughts and beliefs ,but the answers given by her was very mundane and was very superficial and unsatisfying to him . He once also acted like a sadist out of contempt of her, but then abandoned such behavior.

As this meeting between them become a regular affair, the aim of our hero Dino becomes to take complete control of her and then get rid of her , just to go again in his initial continuous state of boredom. It turned out that Cecilia was an object to him only to the point she acted like one. Once it appeared to him that she has a life and lovers, other than him, he become obsessed with her and desperate for total control. He offers to purchase her/her freedom which shows a desperate and disturbed state of his mind.

This book is another book over existentialism and bourgeois state of mind. The way in which the author describes boredom and a need of control is very much realistic. Moravia’s boredom can sometimes be exchanged for obsession, sometimes for alienation , sometimes just boredom and sometimes even amusement, which is very thoughtful to read. Also we can easily see how close boredom , amusement , alienation, obsession are related.

A thing/person which is amusing at first for some time, cease to be so , and then due to lack of connection with that thing/person arises boredom. Again through boredom one turns to some bad habits and eventually becomes an addict of things like drugs/sex/social media, which alienates the person from reality and thus imparts alienation , and this loop continues.

Contrary to the title , this book was not boring in any sense,it shows us the disease in a man’s mind and how existentialism affects one’s mind. Also the ending is not conclusive as it happens in case of most existentialism works.

I would rate this book 5/5 , as I got an unique sense of how boredom arises and how a human mind get obsessed and controlling over someone/something. I also believe from experience that this case in not that uncommon in people with severe ocd.

I would recommend everyone to give this book a try when they get bored(pun intended) .

Profound disconnection from world at large.

Was it possible for a man to escape his own destiny? And if not , what was the point of knowing what one was doing?Was it possible that there was not some difference between a destiny accepted in a state of unconsciousness & one which was lived out in a state of lucid consciousness?
Alberto Moravia , Boredom