CC: Steganography
Date: 19, May, 2021
Author: Dhilip Sanjay S
Introduction
Steganography (stego) is the art of concealing something inside something else, for example a message inside a jpg file, or a binary inside a png.
All needed files can be found inside the included zip file.
StegHide
Steghide is one of the most famous steganography tools.
It is used for hiding a message inside an image.
Works only for jpg image:
A downside of steghide is that it only works on jpgs; however, that means that if you believe there is a hidden message inside a jpg, then steghide is a probable option.
Benefits of steghide:
It can encrypt data with a passphrase.
What argument allows you to embed data (such as files) into other files?
Answer: embed
What flag lets you set the file to embed?
Answer: -ef
What flag allows you to set the "cover file"? (i.e. the jpg)
Answer: -cf
How do you set the password to use for the cover file?
Answer: -p
What argument allows you to extract data from files?
Answer: extract
How do you select the file that you want to extract data from?
Answer: -sf
Given the passphrase "password123", what is the hidden message in the included "jpeg1" file?
Answer: pinguftw
Steps to Reproduce:
zsteg
zsteg is to pngs what steghide is to jpgs. It supports various techniques to extract any and all data from png files.
zsteg also supports BMP files, but it is primarily used for pngs.
How do you specify that the least significant bit comes first?
Answer: --lsb
What about the most significant bit?
Answer: --msb
How do you specify verbose mode?
Answer: -v
How do you extract the data from a specific payload?
Answer: -E
In the included file "png1" what is the hidden message?
Answer: nootnoot
What about the payload used to encrypt it?
Answer: b1,bgr,lsb,xy
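To make the payload descriptor b1,bgr,lsb,xy from the answer above concrete, here is an added Python sketch (not part of the original write-up and not zsteg's own code) that hides a string in a constructed pixel list and reads it back. The helper names, the sample image and the byte-packing rule (with lsb the first bit read becomes the high bit of each output byte, with msb the order is reversed) are assumptions of this example.

```python
CHANNEL_INDEX = {"r": 0, "g": 1, "b": 2}

def parse_payload(spec):
    """Split a descriptor like 'b1,bgr,lsb,xy' into its fields."""
    bits, channels, bit_order, pixel_order = spec.split(",")
    if bit_order not in ("lsb", "msb") or pixel_order != "xy":
        raise ValueError(f"unsupported payload: {spec}")
    return int(bits.lstrip("b")), channels, bit_order

def embed(pixels, spec, message):
    """Hide message bytes in row-major RGB pixels (builds the sample below)."""
    nbits, channels, bit_order = parse_payload(spec)
    stream = []
    for byte in message:
        chunk = [(byte >> (7 - i)) & 1 for i in range(8)]
        stream.extend(chunk[::-1] if bit_order == "msb" else chunk)
    bits, out = iter(stream), []
    for px in pixels:
        px = list(px)
        for ch in channels:                    # channel order matters: bgr != rgb
            for i in reversed(range(nbits)):   # only the low nbits are touched
                bit = next(bits, None)
                if bit is not None:
                    idx = CHANNEL_INDEX[ch]
                    px[idx] = (px[idx] & ~(1 << i)) | (bit << i)
        out.append(tuple(px))
    return out

def extract(pixels, spec, length):
    """Read `length` bytes back; the byte packing is this sketch's assumption."""
    nbits, channels, bit_order = parse_payload(spec)
    stream = [(px[CHANNEL_INDEX[ch]] >> i) & 1 for px in pixels
              for ch in channels for i in reversed(range(nbits))]
    out = bytearray()
    for off in range(0, length * 8, 8):
        chunk = stream[off:off + 8]
        if bit_order == "msb":
            chunk = chunk[::-1]
        out.append(int("".join(map(str, chunk)), 2))
    return bytes(out)

# Constructed sample: a flat grey 8x4 "image" as a row-major list of (r, g, b).
COVER = [(128, 128, 128)] * 32
STEGO = embed(COVER, "b1,bgr,lsb,xy", b"nootnoot")

if __name__ == "__main__":
    print(extract(STEGO, "b1,bgr,lsb,xy", 8))   # matching descriptor
    print(extract(STEGO, "b1,rgb,lsb,xy", 8))   # wrong channel order: garbage
```

No channel value moves by more than 1, which is why the change is invisible to the eye and why every field of the descriptor has to match before the text comes back out.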
Exiftool
Exiftool is a tool that allows you to view and edit image metadata.
In the included jpeg3 file, what is the document name?
Answer: Hello :)
Steps to Reproduce:
Stegoveritas
Stegoveritas supports just about every image file, and is able to extract all types of data from it.
It is an incredibly useful tool if you don't know exactly what you're looking for, as it has a myriad of built in tests to extract any and all data.
Stegoveritas has other features as well such as color correcting images.
How do you check the file for metadata?
Answer: -meta
How do you check for steghide hidden information?
Answer: -steghide
What flag allows you to extract LSB data from the image?
Answer: -extractLSB
In the included image jpeg2 what is the hidden message?
Answer: kekekekek
Steps to Reproduce:
Spectrograms
Spectrogram steganography is the art of hiding an image inside an audio file's spectrogram.
Therefore, whenever dealing with audio stego, it is always worth analyzing the spectrogram of the audio.
What is the hidden text in the included wav2 file?
Answer: Google
Steps to Reproduce:
Final Exam
What is key 1?
Answer: superkeykey
Steps to Reproduce:
Since it's a jpg image, the key must be hidden using steghide.
But we need a passphrase to extract the data.
So, let's try exiftool first to check out some of the metadata.
The metadata contains password=admin. Now we can run steghide to extract the data!
What is key 2?
Answer:
Steps to Reproduce:
We can see the link in the image after spectrogram analysis:
https://imgur.com/KTrtNI5
We'll download the image file using:
wget https://i.imgur.com/KTrtNI5.png
It is a png file, hence we can use either zsteg or stegoveritas to find the hidden information.
What is key 3?
Answer: killshot
Steps to Reproduce:
It seems like the qrcode cannot be scanned from this image.
Initially I tried to scan it using zbarimg, which gave the following error:
Remember that stegoveritas has color-correction features too?
So, we'll run stegoveritas for this final challenge:
It color corrected and gave out almost 50 images.
Only 5 out of 50 images were scannable using zbarimg.
We'll check the one with inverted: