2023-1-6 WP

杭电CTF——神秘的海报

1.题目

• 题干

• 附件

2.解题思路

• 首先尝试LSB隐写

  

  右侧完整内容为：

  Sure enough, you still remember what we talked about at  that time! This is part of the secret: hgame{U_Kn0w_LSB
  &W.I put the rest of the content here,https://drive.go ogle.com/file/d/13kBos3Ixlfwkf3e0z0kJTEqBxm7RUk-G/view?u
  sp=sharing, if you direc tly access the google drive clou d disk download  in China, it wil l be very slow,  you can 
  try to u se Scientific In ternet access so lves the problem  of slow or inaccessible access  to external network resources. T his is my favori te music, there  is another part  of the secret in  the music, I us e Steghide to en crypt, the passw ord is also the  6-digit password  we agreed at th e time, even if  someone else fin ds out here, it  should not be so  easy to crack ( ( hope so 

  提供给我们前半段flag，并且给出了后半段flag的提示。

  我们用科学上网方式访问[https://drive.google.com/file/d/13kBos3Ixlfwkf3e0z0kJTEqBxm7RUk-G/view?usp=sharing](https://drive.go ogle.com/file/d/13kBos3Ixlfwkf3e0z0kJTEqBxm7RUk-G/view?usp=sharing)

​ 下载音频文件

• 然后使用kali中的steghide工具

  使用指令 apt-get install steghide 安装

​ 使用指令 steghide extract -sf 文件地址，来获取文件中的隐藏内容

​ 根据题目信息，密码为 6-digit password，很明显是123456

​ 然后直接使用cat查看文件内容

• flag

hgame{U_Kn0w_LSB&Wav^Mp3_Stego}