StegoRSA — picoCTF Writeup (Steganography + RSA Deep Dive)
mayhack
April 2, 2026 (Updated: April 2, 2026)
Challenge Description
This challenge combines:
Steganography → hiding data inside files
RSA Cryptography → encryption/decryption
We are given:
weee.jpg (image)
flag.enc (encrypted file)
👉 Goal: Extract hidden data → recover key → decrypt flag
Understanding the Concepts
🔹 Steganography (Simple Explanation)
Steganography = hiding secret data inside normal files
Example:
Image looks normal 👁️
But inside metadata → secret exists 🔐
👉 In this challenge: data hidden in JPEG comment field
🔹 RSA (Simple Explanation)
RSA uses:
Public Key → encrypt
Private Key → decrypt
👉 If the private key is obtained → game over (we can decrypt)
Step-by-Step Exploitation
Step 1 — Analyze Image Metadata
Run: exiftool weee.jpg
Output:
👉 This is clearly hex data, not normal text.
Step 2 — Decode the Hex
# JPEG comment value reported by exiftool (truncated here)
hex_data = "2d2d2d2d2d424547494e2050524956415445204b4559..."
decoded = bytes.fromhex(hex_data).decode()
print(decoded)
Output:
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDq3mThsuMFoG3/
wmlyt4fUZ92sI8fMLIMFUVWvxX6WMPHA1VJlo8kfx5skiHzWWl5XYIalGr7KW7X0
...
UwkkM+srAQK+sVVR0Qbl0yU=
-----END PRIVATE KEY-----
🎯 Private RSA key extracted successfully
Step 3 — Check Encrypted File
# Read the ciphertext and check its size in bytes
with open("flag.enc", "rb") as f:
    data = f.read()
print(len(data))
Output: 256
👉 256 bytes = 2048 bits, which confirms 2048-bit RSA encryption
Step 4 — Decrypt the Flag
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import padding

# private_key.pem: the PEM text decoded in Step 2, saved to a file
with open("private_key.pem", "rb") as f:
    key = serialization.load_pem_private_key(f.read(), password=None)

with open("flag.enc", "rb") as f:
    ciphertext = f.read()

# The flag was encrypted with PKCS#1 v1.5 padding
plaintext = key.decrypt(ciphertext, padding.PKCS1v15())
print(plaintext)
Step 5 — Final Output
picoCTF{rs4_k3y_1n_1mg_d8526dc3}
🎉 FLAG CAPTURED
Why This Attack Works
Image metadata (comment field) was used to hide data
Data was only hex encoded (not secure)
Private key exposure → complete RSA break
Once the private key is obtained → decryption is trivial
Key Learnings
Always check:
Metadata (EXIF)
Hidden fields
Steganography ≠ encryption
RSA is secure ONLY if private key is safe
Hex encoding is reversible instantly
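The metadata check above can be automated. This is an added example, not code from the original writeup: it walks the JPEG header segments, reads every COM (comment) segment, and flags a PEM private key header stored in the clear or hex-encoded. The function names, the constructed sample images and the 16-byte minimum hex run are assumptions made for illustration.

```python
import re
import struct
PEM_MARKER = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")
HEX_RUN = re.compile(rb"(?:[0-9a-fA-F]{2}){16,}")  # assumed threshold: 16+ encoded bytes

def jpeg_comments(data: bytes) -> list[bytes]:
    """Return the payload of every COM (0xFFFE) segment before the scan data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    comments, pos = [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker in (0xD9, 0xDA):  # EOI or start of scan: header segments are over
            break
        if marker == 0xFF or marker == 0x01 or 0xD0 <= marker <= 0xD7:
            pos += 1 if marker == 0xFF else 2  # fill byte, or marker with no length
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        if marker == 0xFE:
            comments.append(data[pos + 4:pos + 2 + length])
        pos += 2 + length
    return comments

def find_key_material(data: bytes) -> list[str]:
    """Flag comments holding a PEM private key header, in the clear or hex-encoded."""
    findings = []
    for i, comment in enumerate(jpeg_comments(data)):
        if PEM_MARKER.search(comment):
            findings.append(f"comment {i}: PEM private key header")
        for run in HEX_RUN.findall(comment):
            if PEM_MARKER.search(bytes.fromhex(run.decode())):
                findings.append(f"comment {i}: hex-encoded PEM private key header")
    return findings

def build_segment(marker: int, payload: bytes) -> bytes:
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed samples (no real key): SOI, APP0 stub, COM segment, EOI.
SAMPLE = (b"\xff\xd8" + build_segment(0xE0, b"JFIF\x00" + bytes(9))
          + build_segment(0xFE, b"-----BEGIN PRIVATE KEY-----\nAAAA".hex().encode())
          + b"\xff\xd9")
CLEAN = b"\xff\xd8" + build_segment(0xFE, b"Created with GIMP") + b"\xff\xd9"

if __name__ == "__main__":
    print(find_key_material(SAMPLE))  # the constructed sample is flagged
```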
Conclusion
This challenge teaches a critical lesson:
👉 Never hide secrets in files thinking no one will look
Attackers always check:
Metadata
Hidden fields
File structure