Tryhackme:CC: Steganography


Steganography(Stego) is the art of concealing something inside something else, for example: A message inside a jpg file, or a binary inside a png. Stego has been used since ancient times to deliver messages that they don’t want others seeing. In the modern day it’s used for the same purpose, only now we have much more advanced tools. This room is designed to go over those tools and how to use them.


Steghide is one of the most famous steganography tools, and for good reason. It’s a classic method, hiding a message inside an image, and steghide does it effectively and efficiently. A downside of steghide is that it only works on jpgs; however, that means that if you believe there is a hidden message inside a jpg, then steghide is a probable option.


zsteg is to png’s what steghide is to jpg’s. It supports various techniques to extract any and all data from png files.


Exiftool is a tool that allows you to view and edit image metadata. While this in itself is not a stego tool, I would be remiss not to include at least a footnote on it as one of the most popular forms of image stego is to hide messages in the metadata.

  1. In the included jpeg3 file, what is the document name?


Personally this is one of my favorite image stego tools. It supports just about every image file, and is able to extract all types of data from it. It is an incredibly useful tool if you don’t know exactly what you’re looking for, as it has a myriad of built in tests to extract any and all data.


Spectrogram stegonography is the art of hiding hidden an image inside in an audio file’s spectogram. Therefore when ever dealing with audio stego it is always worth analyzing the spectrogram of the audio. To do this task we will be using Sonic Visualizer.

The Final Exam:



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store



CTF-PLAYER, security analyst, Pentesting, vapt, digital forensics