Exploit Notes


Last modified: 2023-02-15


Steganography is the practice of representing information within another message or physical object, in such a manner that the presence of the information is not evident to human inspection.

Basic Analysis

open example.jpg
file example.jpg
strings example.jpg
strings example.jpg | head
strings example.jpg | head -n 50
xxd example.jpg
xxd example.jpg | head

Extract the Data inside the Image File

# -e: extract data inside image
binwalk -e example.jpg

outguess-extract example.ppm out.ppm
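
As an added example (not part of the original notes), the following Python walks the JPEG marker structure so you can see what `file`, `strings` and `binwalk -e` are acting on: it lists the segments (APP0, COM comments, the scan header) and reports any bytes that follow the End-Of-Image marker, which is where an appended archive or text file usually sits. The `SAMPLE` bytes are constructed for the demo and are not a decodable photo; `APPENDED` stands in for the carved payload.

```python
"""Walk JPEG marker segments and flag data appended after the EOI marker.
Added example; SAMPLE is a constructed marker layout, not a real image."""
import struct
import sys

MARKER_NAMES = {0xC0: "SOF0", 0xC4: "DHT", 0xDA: "SOS", 0xDB: "DQT",
                0xE0: "APP0", 0xE1: "APP1 (Exif/XMP)", 0xFE: "COM"}

# Constructed sample: structurally valid markers, not decodable pixel data.
APPENDED = b"PK\x03\x04trailing-zip"          # stands in for a carved archive
SAMPLE = (
    b"\xff\xd8"                                             # SOI
    + b"\xff\xe0" + struct.pack(">H", 16)
    + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"       # APP0 payload (14 bytes)
    + b"\xff\xfe" + struct.pack(">H", 2 + 9) + b"flag hint"  # COM segment
    + b"\xff\xda" + struct.pack(">H", 8)
    + b"\x01\x01\x00\x00\x3f\x00"                           # SOS header, 1 component
    + b"\x12\x34\xff\x00\x56"                               # entropy data with a stuffed 0xFF00
    + b"\xff\xd9"                                           # EOI
    + APPENDED
)


def _skip_scan(data, pos):
    """Advance past entropy-coded scan data: stop at the first 0xFF that is
    neither a stuffed byte (0xFF 0x00) nor a restart marker (0xFFD0-0xFFD7)."""
    while pos + 1 < len(data):
        nxt = data[pos + 1]
        if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
            return pos
        pos += 1
    return len(data)


def parse_jpeg(data):
    """Return (segments, trailing): segments is a list of (marker, payload)
    with the 2-byte length field stripped; trailing is everything after EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker; not a JPEG")
    pos, segments = 2, []
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos:#x}, got {data[pos]:#04x}")
        marker = data[pos + 1]
        if marker == 0xD9:                      # EOI: anything left is appended data
            return segments, data[pos + 2:]
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:  # TEM / RSTn carry no length
            pos += 2
            continue
        if pos + 4 > len(data):
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        segments.append((marker, data[pos + 4:pos + 2 + length]))
        pos += 2 + length
        if marker == 0xDA:                      # SOS: compressed scan follows the header
            pos = _skip_scan(data, pos)
    return segments, b""                        # truncated file: no EOI seen


def report(data):
    """Human-readable summary, one line per segment plus a trailing-data line."""
    segments, trailing = parse_jpeg(data)
    lines = []
    for marker, payload in segments:
        name = MARKER_NAMES.get(marker, f"marker 0x{marker:02X}")
        extra = f" text={payload!r}" if marker == 0xFE else ""
        lines.append(f"{name}: {len(payload)} bytes{extra}")
    if trailing:
        lines.append(f"{len(trailing)} bytes after EOI, starts with {trailing[:4]!r}")
    return lines


if __name__ == "__main__":
    # Usage: python jpeg_walk.py [file.jpg]; without a file the constructed sample is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print("\n".join(report(blob)))
```

The trailing-data line is the quick check to run before reaching for `binwalk`: a clean JPEG ends exactly at `FF D9`, so any non-zero count after EOI is worth carving out and running through `file`.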

Read Meta Information

exiftool example.jpg

If the metadata contains GPS Latitude/Longitude, you can find the location by searching for the coordinates on Google Maps. For example, given GPS Latitude: 54 deg 17' 41.27" N and GPS Longitude: 2 deg 15' 1.33" W, enter "54 17' 41.27" N 2 15' 1.33" W" in the Google Maps search box.

Get Hidden Data

# JPG only
steghide info sample.jpg
steghide extract -sf sample.jpg

# PNG & BMP only - https://github.com/zed-0xff/zsteg
zsteg -a sample.png
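
What `zsteg -a` iterates over, as an added example that is not from the original notes or from zsteg itself: the script embeds a message into the least-significant bits of a constructed RGB pixel buffer, then recovers it by trying channel selections and bit orders and keeping only candidates that decode to mostly printable text. Reading the pixel buffer out of a real PNG (for example with Pillow) is left out so the block runs offline; the cover bytes are seeded random data.

```python
"""LSB steganography on a raw RGB pixel buffer: embed, then brute-force the
channel order and bit order the way zsteg does. Added example; the cover
buffer is constructed from seeded random bytes, not read from a PNG."""
import random

# Constructed 64x64 RGB cover (3 bytes per pixel); seeded so results are repeatable.
_rng = random.Random(1)
COVER = bytes(_rng.randrange(256) for _ in range(3 * 64 * 64))
MESSAGE = "flag{constructed_sample}"


def embed_lsb(pixels, message):
    """Return a copy of `pixels` with message + NUL terminator written into the
    LSB of consecutive bytes (r, g, b, r, g, b, ...), MSB-first within each byte."""
    payload = message.encode() + b"\x00"
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("cover too small for message")
    out = bytearray(pixels)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit
    return bytes(out)


def extract_lsb(pixels, channels="rgb", msb_first=True, max_bytes=256):
    """Collect the LSB of the selected channels of every pixel, pack 8 bits per
    byte, and stop at the first NUL (or after max_bytes)."""
    offsets = ["rgb".index(c) for c in channels]
    bits = []
    for p in range(0, len(pixels) - 2, 3):
        for off in offsets:
            bits.append(pixels[p + off] & 1)
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        chunk = bits[i:i + 8]
        if not msb_first:
            chunk = chunk[::-1]
        value = 0
        for b in chunk:
            value = (value << 1) | b
        if value == 0:
            break
        out.append(value)
        if len(out) >= max_bytes:
            break
    return bytes(out)


def printable_ratio(data):
    """Fraction of bytes in the printable ASCII range; 0.0 for empty input."""
    if not data:
        return 0.0
    return sum(32 <= b < 127 for b in data) / len(data)


def scan(pixels):
    """Try channel/bit-order combinations; return (channels, order, text) for
    every candidate that is at least 4 bytes and >= 95% printable."""
    hits = []
    for channels in ("rgb", "r", "g", "b"):
        for msb_first in (True, False):
            candidate = extract_lsb(pixels, channels, msb_first)
            if len(candidate) >= 4 and printable_ratio(candidate) >= 0.95:
                order = "msb" if msb_first else "lsb"
                hits.append((channels, order, candidate.decode("ascii", "replace")))
    return hits


if __name__ == "__main__":
    stego = embed_lsb(COVER, MESSAGE)
    for channels, order, text in scan(stego):
        print(f"{channels},{order}: {text}")
```

The printable-ratio filter is what turns a blind bit dump into a useful hit list; real tools add more orders (pixel-major vs. column-major, bit planes above the LSB) and more payload detectors (zlib headers, file magic), but the loop structure is the same.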

sudo apt install poppler-utils
pdfinfo sample.pdf

# QR code scan
zbarimg QR.png

Crack Steg Passphrases

Use Stegseek.

# Crack using wordlists
stegseek --crack sample.jpg /usr/share/wordlists/rockyou.txt
# Crack by attempting all embedding patterns
stegseek --seed sample.jpg

Crack PDF Password

# 1. Convert
pdf2john example.pdf > hash.txt
# or
/usr/share/john/pdf2john.pl example.pdf > hash.txt
# 2. Crack
john --format=pdf --wordlist=wordlist.txt hash.txt

GUI Analyzer

Stegsolve is a GUI tool for image analysis.

java -jar stegsolve.jar

Embed Hidden Data


# Write a metadata tag (replace Key with the tag name, e.g. Comment)
exiftool -Key="value" sample.jpg


# -cf: cover file, -ef: file to embed
steghide embed -cf sample.jpg -ef secret.txt


Outguess is a steganography tool for JPG, PPM and PNM.

# -k: passphrase, -d: file to hide
outguess -k "passphrase" -d hidden.txt example.jpg out.jpg


Look up the image with a search engine (reverse image search) to find related information.


npiet is an interpreter for the Piet programming language.
It accepts PPM (portable pixmap), PNG and GIF images as input.

  1. Download and Compile

    First of all, download the npiet and extract it.

    wget https://www.bertnase.de/npiet/npiet-1.3f.tar.gz
    tar -xf npiet-1.3f.tar.gz

    Then compile the "npiet.c".

    cd npiet-1.3f
    gcc npiet.c -o npiet
  2. Decode

    After compiling, decode the image files:

    ./npiet example.png
    ./npiet example.ppm
    ./npiet example.gif
