Steganography
Last modified: 2024-09-25
Steganography is the practice of representing information within another message or physical object, in such a manner that the presence of the information is not evident to human inspection.
Basic Analysis
open example.jpg
file example.jpg
strings example.jpg
# Display the first N lines (default: 10 lines)
strings example.jpg | head
strings example.jpg | head -n 50
# Display the last N lines (default: 10 lines)
strings example.jpg | tail
strings example.jpg | tail -n 50
xxd example.jpg
xxd example.jpg | head
# -e: extract data inside a file
binwalk -e example.jpg
# Read meta information & embedded data
exiftool example.jpg
# GUI Analyzer
# https://github.com/zardus/ctf-tools/blob/master/stegsolve/install
java -jar stegsolve.jar
Using OSINT
Search the image information using search engines.
JPG
# Get hidden data
steghide info sample.jpg
steghide extract -sf sample.jpg
# Crack the passphrase of steghide
stegseek --crack sample.jpg /usr/share/wordlists/rockyou.txt
# --seed: Using default seed as passphrase
stegseek --seed sample.jpg
PNG
# PNG & BMP only - https://github.com/zed-0xff/zsteg
zsteg -a sample.png
QR Code Image (JPG/PNG)
zbarimg QR.png
# If the 'pdfinfo' does not exist in your system, install it with 'sudo apt install poppler-utils'
pdfinfo sample.pdf
# Convert PDF to text
pdftotext example.pdf example.txt
Crack PDF Password
# 1. Convert
pdf2john example.pdf > hash.txt
# or
/usr/share/john/pdf2john.pl example.pdf > hash.txt
# 2. Crack
john --format=pdf --wordlist=wordlist.txt hash.txt
PPM
outguess-extract example.ppm out.ppm
npiet
npiet is an interpreter for the piet programming language.
It takes as input a portable pixmap (PPM) and PNG, GIF.
-
Download and Compile
First of all, download the npiet and extract it.
wget https://www.bertnase.de/npiet/npiet-1.3f.tar.gz tar -xf npiet-1.3f.tar.gzThen compile the "npiet.c".
cd npiet-1.3f gcc npiet.c -o npiet -
Decode
After compiling, decode the image files
./npiet example.png ./npiet example.ppm ./npiet example.gif
Embed Hidden Data
Exiftool
exiftool -Key="value" sample.jpg
Steghide
steghide embed -ef sample.jpg
Outguess
[Outguess](A steganography tool for JPG, PPM and PNM.) is a steganography tool for JPG, PPM and PNM.
outguess -k "passphrase" -d hidden.txt example.jpg out.jpg