GCS Learn
Author - GIGOCYBERSPACE
Republished - 22 October 2024
Steghide is steganography program which hides bits of a data file in some of the least significant bits of another file in such a way that the existence of the data file is not visible and cannot be proven.
Steghide is designed to be portable and configurable and features hiding data in bmp, jpeg, wav and au files, blowfish encryption, MD5 hashing of passphrases to blowfish keys, and pseudo-random distribution of hidden bits in the container data.Steghide is useful in digital forensics investigations. Normally in tela life menaing, steganography is ude d8fferent technique like using of invisible ink and other to hide data.
Let's say for example someone is playing a kind of game to hide their location and any who finds him, get a special reward. Then we give them the clue of an image and say thats his location. If after many research, they will possibly realise that the location is embedded into the image and that he used steghide. And they will find a way to extract the file.
Bit there is another tool that is used to brute force files hidden with steghide and extract them and that tool is known as StegoBrute. So when the competitors of the game find out thsi tool they brute force the image with a word list, get jsi location and get the reward. And in thsi tutorial we will do just that.
Install StegHide and StegCracker
You will first have to install stenhide by typing this on the terminal:
apt-get install steghide
Then to installing StegCracker:
curl https://raw.githubusercontent.com/Paradoxis/StegCracker/master/stegcracker > stegcracker /bin/stegcracker
As many of you eho don't know, curl which is short for Client for URL is a Command Line Interface(CLI) tool written in C that allows receiving and sending of data in all protocols.
Set files
Now we will have to set up our files. We will use an image called anonymous.jpg and then embed the file called secret.txt and use a passphrase 12345. So we then we embed the file into the image by typing:
steghide embed -cf anonymous.jpg -ef secret.txt
Enter passphrase:
Re-Enter passphrase:
embedding "secret.txt" into "anonymous.jpg" ... done
Time to Crack
Now we have locked the file into the image. Now let's try to crack it ourselves. We will use StegCracker. So we crack the file by typing:
stegcracker -f <image-file> -w <word list>
So, when we see the open image, we found out that stegcracker was able to crack the file embedded into the image with our word list.
Extract the File
Now we've gotten the password, we can get all file information about the file back:
steghide extract -sf anonymous.jpg
Enter passphrase:
To get information about the file type :
steghide info anonymous.jpg
Conculsion
Privacy is becoming more scarce as the day passes by. Hiding sensitive encrypted messages or data in viewable form makes the data totally out to hacker.It is the next evolution of dta privacy protection especially when it deal with sensitive, sensitive data which can be hidden.
