• We just launched and are currently in beta. Join us as we build and grow the community.

Hide Secrets and Crack JPEG File Password via Steganography Tools

rokho

Network Penetrator
R
R Rep
0
0
0
Rep
0
R Vouches
0
0
0
Vouches
0
Posts
135
Likes
131
Bits
0
2 MONTHS
2 2 MONTHS OF SERVICE
LEVEL 1 300 XP
Green-and-White-Clean-and-Simple-Business-Progress-Report-Sustainable-Development-Goals-Presentation.png


Hey Folks, as we know that sometimes in a CTF challenge, we need some steganography skills to secret a key or a hint and for that we discover a variety of tools on Github, but today we has brought two steganography tools for you that you can use in your CTF labs.

Tools for Steganography
  • Steghide – To hide string or key in any file format.
  • Stegbrute – To crack password and extract string from JPEG file.

Let’s take a look 😛 !!

Stegbrute Tool Installation

Stegbrute is a fast steganography brute force tool written in Rust using also threads to achieve a faster execution. This is not a pre-installed tool so we have to install it first using the wget command and then move it to the binary folder to access it from anywhere.

wget https://github.com/R4yGM/stegbrute/releases/download/0.1.1/stegbrute && chmod +x stegbrute
mv stegbrute /usr/local/bin/12wget https://github.com/R4yGM/stegbrute/releases/download/0.1.1/stegbrute && chmod +x stegbrutemv stegbrute/usr/local/bin/

1.png


Done 😛 !! As you can see in the image below, we can now use this tool just by entering the name.

stegbrute1stegbrute

2.png

Steghide Tool Installation

Steghide is a steganography program that is able to hide data in various kinds of image- and audio-files. The tool is already connected to the kali linux repository and that is why we are able to install it using the “apt-get” command.

apt-get install steghide1apt-get install steghide

3.png


Done 😛 !! Both tool are now successfully installed to demonstrate an example of steganography. First we will create a text file, hide the text file in JPEG file using Steghide tool and protect it with a password.

Usage 😛 !! steghide embed -cf < JPEF file > -ef < File that you want hide >

cat > secret.txt
steghide embed -cf jpg-vs-jpeg.jpg -ef secret.txt12cat>secret.txtsteghide embed-cf jpg-vs-jpeg.jpg-ef secret.txt

4.png


Amazing 😛 !! As we know the Stegbrute tool uses wordlist to extract hidden content out of the file. Now all you have to do is to give this tool the location of the JPEG file and the wordlist and immediately after that it will try to crack it using multiple passwords. After the password is successfully cracked, we get the secret string in the result file that we previously hidden.

Usage 😛 !! stegbrute -f < Protected File > -w < Wordlist Path >

stegbrute -f jpg-vs-jpeg.jpg -w word.txt1stegbrute-fjpg-vs-jpeg.jpg-wword.txt

5.png


In the same way you can hide any secret key and use these tools to prompt the user in your CTF labs.

About the AuthorShubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact on Linkedin.
 
You must log in or register to reply here.

440,010

316,559

316,568

S sanlaxi
Top