Tryhackme:CC: Steganography

jagadeesh
5 min readMar 28, 2021

--

A crash course on the topic of steganography

Intro:

Steganography(Stego) is the art of concealing something inside something else, for example: A message inside a jpg file, or a binary inside a png. Stego has been used since ancient times to deliver messages that they don’t want others seeing. In the modern day it’s used for the same purpose, only now we have much more advanced tools. This room is designed to go over those tools and how to use them.

All needed files can be found inside the included zip file

Note: Basic linux knowledge required.

Steghide:

Steghide is one of the most famous steganography tools, and for good reason. It’s a classic method, hiding a message inside an image, and steghide does it effectively and efficiently. A downside of steghide is that it only works on jpgs; however, that means that if you believe there is a hidden message inside a jpg, then steghide is a probable option.

One of the greatest benefits of stegohide, is that it can encrypt data with a passphrase. Meaning that if they don’t have the password then they can’t extract any data.

steghide can be installed with the command sudo apt install steghide

1.What argument allows you to embed data(such as files) into other files?

A:embed

2.What flag let’s you set the file to embed?

A:-ef

3.What flag allows you to set the “cover file”?(i.e the jpg)

A:-cf

4.How do you set the password to use for the cover file?

A:-p

5.What argument allows you to extract data from files?

A:extract

6.How do you select the file that you want to extract data from?

A:-sf

7.Given the passphrase “password123”, what is the hidden message in the included “jpeg1” file.

A:pinguftw

zsteg:

zsteg is to png’s what steghide is to jpg’s. It supports various techniques to extract any and all data from png files.

Note: zsteg also supports BMP files, but it is primarily used for png’s.

zsteg can be installed by using ruby with the command gem install zsteg

1.How do you specify that the least significant bit comes first

A: — lsb

2.What about the most significant bit?

A: — msb

3.How do you specify verbose mode?

A:-v

4.How do you extract the data from a specific payload?

A:-e

5.In the included file “png1” what is the hidden message?

A:nootnoot

6.What about the payload used to encrypt it.

A:b1,bgr,lsb,xy

Exiftool:

Exiftool is a tool that allows you to view and edit image metadata. While this in itself is not a stego tool, I would be remiss not to include at least a footnote on it as one of the most popular forms of image stego is to hide messages in the metadata.

Exiftool can be installed with sudo apt install exiftool

  1. In the included jpeg3 file, what is the document name?

A:Hello :)

Stegoveritas:

Personally this is one of my favorite image stego tools. It supports just about every image file, and is able to extract all types of data from it. It is an incredibly useful tool if you don’t know exactly what you’re looking for, as it has a myriad of built in tests to extract any and all data.

Note: Stegoveritas has other features as well such as color correcting images

Stegoveritas can be installed by running these two commands:

pip3 install stegoveritas

stegoveritas_install_deps

1.How do you check the file for metadata?

A:-meta

2.How do you check for steghide hidden information

A:steghide

3.What flag allows you to extract LSB data from the image?

A:-extractLSB

4.In the included image jpeg2 what is the hidden message?

A:kekekekek

Spectrograms:

Spectrogram stegonography is the art of hiding hidden an image inside in an audio file’s spectogram. Therefore when ever dealing with audio stego it is always worth analyzing the spectrogram of the audio. To do this task we will be using Sonic Visualizer.

Note: This introduction will be done using the included wav1 file.

When you open Sonic Visualizer you should see this screen:

From there click File->Open and then select the included wav1 file and you should see a screen similar to this:

From there click Layer->Add Spectrogram and you should see this:

And that’s it!

1.What is the hidden text in the included wav2 file?

A:google

Good luck and have fun!

The Final Exam:

What is key 1?

A:superkeykey

2.What is key 2?

It shows a link, I will go to that link and download the image file.

As the image we downloaded is in a .png format, So, we use zsteg tool to find our second key.

A:fatality

3.What is key 3?

A:killshot

please everyone join my telegram channel :https://t.me/hackerwheel

please everyone join my youtube channel :https://www.youtube.com/channel/UCl10XUIb7Ka6fsq1Pl7m0Hg

Hackerwheel
Change the world
https://t.me/hackerwheel

--

--

jagadeesh
jagadeesh

Written by jagadeesh

CTF-PLAYER, security analyst, Pentesting, vapt, digital forensics