@0xcyberpj
Last active October 12, 2021 15:03

Hell0 Pr0s

It's me, PJ, back again with another c00l bl0g


Steganography is the practice of concealing messages or information within other non-secret text or data. There is a wide range of file types and methods of hiding files/data.

an interesting part


These are medium and easy challs, using the cool hacklido logo :)

TYPES:

Steganography works on different transmission media like images, video, text, or audio.


Chall no 1

famous tool- steghide

Steghide is a steganography program that is able to hide data in various kinds of image- and audio files. The color- respectively sample-frequencies are not changed thus making the embedding resistant against first-order statistical tests.

we are going to use the embed option

embedding options:
 -ef, --embedfile        select file to be embedded
   -ef <filename>        embed the file <filename>
 -cf, --coverfile        select cover-file
   -cf <filename>        embed into the file <filename>
 -p, --passphrase        specify passphrase
   -p <passphrase>       use <passphrase> to embed data
 -sf, --stegofile        select stego file
   -sf <filename>        write result to <filename> instead of cover-file
 -e, --encryption        select encryption parameters
   -e <a>[<m>]|<m>[<a>]  specify an encryption algorithm and/or mode
   -e none               do not encrypt data before embedding
 -z, --compress          compress data before embedding (default)
   -z <l>                 using level <l> (1 best speed...9 best compression)
 -Z, --dontcompress      do not compress data before embedding
 -K, --nochecksum        do not embed crc32 checksum of embedded data
 -N, --dontembedname     do not embed the name of the original file
 -f, --force             overwrite existing files
 -q, --quiet             suppress information messages
 -v, --verbose           display detailed information

Let's hide a flag.txt inside a logo. You can hide js, txt, wav, jpeg, png, etc.

┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡sudo steghide embed -ef flag.txt -cf hacklido.jpeg -p "hacklido"
[sudo] password for kali: 
embedding "flag.txt" in "hacklido.jpeg"... done

let's delete the flag.txt and extract the same thing from the hacklido.jpeg

┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡rm flag.txt

Yep, we got the flag by using the password 'hacklido'

Flag:hacklido{i_love_hacklido}


Chall no 2 :

Here we are going to look at LSB steganography

Least Significant Bit Steganography

We can describe a digital image as a finite set of digital values, called pixels.

what is a pixel?:

Pixels are the smallest individual element of an image, holding values that represent the brightness of a given color at any specific point.

Least Significant Bit (LSB) is a technique in which the last bit of each pixel is modified and replaced with the secret message's data bit.

https://github.com/ragibson/Steganography is a cool tool for steg

pip3 install stego-lsb

LSBSteg

LSBSteg uses least significant bit steganography to hide a file in the color information of an RGB image (.bmp or .png). For each color channel (R,G,B) in each pixel of the image, we overwrite the least significant bits of the color value with the data from our file. In order to make recovering this data easier, we also hide the file size of our input file in the first few color channels of the image.

How to use

You need Python 3 and Pillow, a fork of the Python Imaging Library (PIL).

Command Line Arguments:
 -h, --hide                      To hide data in an image file
 -i, --input TEXT                Path to an bitmap (.bmp or .png) image
 -s, --secret TEXT               Path to a file to hide in the image

⚡stegolsb steglsb -r -i secret.png -n 2 -o secre_output

There is no visible difference between the original and secret.png

how to extract ?

┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡stegolsb steglsb -r -i secret.png -n 2 -o secre_output
Files read                     in 0.08s
26 bytes recovered             in 0.00s
Output file written            in 0.00s
                                                                                                
┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡cat secre_output 
hacklido{i_love_hacklido}

Yep, We Got the flag!


Chall no 3:

By using stegolsb we can do the same thing with a wav file

here I'm going to use a sample audio file to hide a secret sample_audio.wav

┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡stegolsb wavsteg --help                                                
Usage: stegolsb wavsteg [OPTIONS]

  Hides or recovers data in and from a sound file

Options:
  -h, --hide               To hide data in a sound file
  -r, --recover            To recover data from a sound file
  -i, --input TEXT         Path to a .wav file
  -s, --secret TEXT        Path to a file to hide in the sound file
  -o, --output TEXT        Path to an output file
  -n, --lsb-count INTEGER  How many LSBs to use  [default: 2]
  -b, --bytes INTEGER      How many bytes to recover from the sound file
  --help                   Show this message and exit.
                                                                                                

┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡file file_example_WAV_2MG.wav
file_example_WAV_2MG.wav: RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 16000 Hz

┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡stegolsb wavsteg -h -i file_example_WAV_2MG.wav -n 2 -s flag.txt -o lol 
Using 2 LSBs, we can hide 268237 bytes
Files read                     in 0.03s
26 bytes hidden                in 0.01s
Output was written             in 0.00s

So flag.txt is successfully embedded into the wav file, written out with the name lol. lol is a wav file too!

┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡file lol                     
lol: RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 16000 Hz

so how can we extract flag.txt from lol.wav?

┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡stegolsb wavsteg -r -i lol.wav -n 2 -o extracted_flag.txt -b 25 
Files read                     in 0.00s
Recovered 25 bytes             in 0.00s
Written output file            in 0.00s
                                                                                                
┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡cat extracted_flag.txt                                          
hacklido{i_love_hacklido}                                                                       

NICE
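The LSB scheme described in Chall 2 and reused on wav samples in Chall 3, as an added example that is not part of the original post and not stego-lsb's own code: hide a size prefix plus the secret in the n low bits of each channel value, then recover it. The 4-byte big-endian size prefix, the function names and the cover bytes are assumptions made for this sketch.

```python
import struct

HEADER_BYTES = 4  # assumption: 4-byte big-endian size prefix, not stego-lsb's exact layout

def capacity(channels, n):
    """Payload bytes that fit when n LSBs of every channel value carry data."""
    return len(channels) * n // 8 - HEADER_BYTES

def hide(channels, secret, n=2):
    """Overwrite the n low bits of successive channel values with size + secret."""
    if len(secret) > capacity(channels, n):
        raise ValueError("secret does not fit in this cover")
    payload = struct.pack(">I", len(secret)) + secret
    bits = "".join(f"{b:08b}" for b in payload)
    bits += "0" * (-len(bits) % n)          # pad to a whole number of n-bit groups
    keep = 0xFF ^ ((1 << n) - 1)            # mask that clears the n low bits
    out = bytearray(channels)
    for i in range(len(bits) // n):
        out[i] = (out[i] & keep) | int(bits[i * n:(i + 1) * n], 2)
    return out

def _lsb_bits(channels, n, count):
    """Return the first `count` hidden bits as a '0'/'1' string."""
    mask = (1 << n) - 1
    need = -(-count // n)                   # ceil(count / n) channel values
    return "".join(f"{c & mask:0{n}b}" for c in channels[:need])[:count]

def recover(channels, n=2):
    """Read the size prefix, then exactly that many payload bytes."""
    if capacity(channels, n) < 0:
        raise ValueError("cover too small to hold a size prefix")
    size = int(_lsb_bits(channels, n, HEADER_BYTES * 8), 2)
    if size > capacity(channels, n):
        raise ValueError("implausible size: wrong n, or nothing hidden")
    bits = _lsb_bits(channels, n, (HEADER_BYTES + size) * 8)[HEADER_BYTES * 8:]
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))

def demo():
    # Constructed stand-in for the flattened R,G,B values of a small image.
    cover = bytes((i * 37) % 256 for i in range(600))
    secret = b"hacklido{i_love_hacklido}\n"   # 26 bytes, like flag.txt in the sessions above
    stego = hide(cover, secret, n=2)
    worst = max(abs(a - b) for a, b in zip(cover, stego))  # largest per-channel change
    return capacity(cover, 2), worst, recover(stego, n=2)

if __name__ == "__main__":
    print(demo())
```

With n = 2 no channel value moves by more than 3 out of 255, which is why the stego image looks identical to the cover, and the capacity figure is the same kind of number wavsteg prints as "we can hide ... bytes".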


Chall no 4

stegosuite-(used by vn)

it's just a GUI tool

flag{what_if_vn_became_ceo_of_dash} is embedded into the image with the password 'vn'

to extract, do the same thing with the extract option and password


Done

Chall no 5

what if there is a flag.txt file but not visible to us? snow eye lol stegsnow

Stegsnow is a tool for concealing messages in text files by appending tabs and whitespaces at the end of lines. The encoding used by snow relies on the fact that whitespaces and new lines won't be displayed in text editors.

┌──(kali㉿kali)-[~/hacklido/steg/stegsnow]
└─$ ⚡cat flag.txt                                                                        
hacklido is rocking !!!

just a one-line message

┌──(kali㉿kali)-[~/hacklido/steg/stegsnow]
└─$ ⚡sudo stegsnow -C -m "flag{i-love-hacklido}" flag.txt super.txt
Compressed by 24.40%
Message exceeded available space by approximately 504.76%.
An extra 4 lines were added.

(-m : message to hide and also you can use -f to include a whole file)

┌──(kali㉿kali)-[~/hacklido/steg/stegsnow]
└─$ ⚡cat super.txt 
hacklido is rocking !!!                                                      
                                                                               
     
┌──(kali㉿kali)-[~/hacklido/steg/stegsnow]
└─$ ⚡

Nothing is visible after stegsnow conceals the message. -C is used for both things. super.txt is our super-secret flag. Now let's decode:

┌──(kali㉿kali)-[~/hacklido/steg/stegsnow]
└─$ ⚡stegsnow -C super.txt 
flag{i-love-hacklido}                      

BOOM


Chall no 6

let's hide a zip file inside a png without any tool, cool right?

  • write a flag in a flag.txt and zip a whole directory -our secret
┌──(kali㉿kali)-[~/hacklido/steg/pj/secret]
└─$ ⚡cat flag                                                                             12 ⨯
lol this is literally  a secret 123

to zip

┌──(kali㉿kali)-[~/hacklido/steg/pj]
└─$ ⚡zip -r secret.zip secret

secret.zip just has flag.txt, so how can we hide it in the png without any tools?

cat

simple but cool

┌──(kali㉿kali)-[~/hacklido/steg/pj]
└─$ ⚡cat hacklido.png secret.zip > pj_sec.png  


chall is ready so how can we extract the secret.zip from png?

Binwalk, unzip

┌──(kali㉿kali)-[~/hacklido/steg/pj]
└─$ ⚡binwalk -e pj_sec.png                                                               130 ⨯

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             PNG image, 225 x 225, 8-bit/color RGB, non-interlaced
41            0x29            Zlib compressed data, best compression
13386         0x344A          Zip archive data, at least v1.0 to extract, name: secret/
13451         0x348B          Zip archive data, at least v1.0 to extract, compressed size: 36, uncompressed size: 36, name: secret/flag
13714         0x3592          End of Zip archive, footer length: 22

after binwalk > navigate into the folder > secret > flag

and also

┌──(kali㉿kali)-[~/hacklido/steg/pj]
└─$ ⚡unzip pj_sec.png
Archive:  pj_sec.png
warning [pj_sec.png]:  13386 extra bytes at beginning or within zipfile
  (attempting to process anyway)
   creating: secret/
 extracting: secret/flag            

BOOM
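A defender-side check for the cat trick above, as an added example that is not part of the original post: walk the PNG chunk list to the end of IEND and report anything appended after it. The 1x1 cover image and the zip are constructed in memory, and make_png, make_zip and scan_png are names chosen for this sketch.

```python
import io
import struct
import zipfile
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def _chunk(ctype, body):
    """Serialise one PNG chunk: length, type, body, CRC over type+body."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def make_png():
    """Constructed 1x1 RGB PNG used as the sample cover."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00\xff\x00\x00")      # filter byte + one red pixel
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")

def make_zip():
    """Constructed zip holding one member, standing in for secret.zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("secret/flag", "lol this is literally  a secret 123\n")
    return buf.getvalue()

def png_end(data):
    """Return the offset just past the IEND chunk, validating each chunk CRC."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            break
        if struct.unpack(">I", data[end - 4:end])[0] != zlib.crc32(data[pos + 4:end - 4]):
            raise ValueError("bad chunk CRC")
        pos = end
        if ctype == b"IEND":
            return pos
    raise ValueError("truncated PNG: no IEND chunk")

def scan_png(data):
    """Report how many bytes follow IEND and, if they form a zip, its members."""
    end = png_end(data)
    trailer = data[end:]
    report = {"png_bytes": end, "trailing_bytes": len(trailer), "zip_members": []}
    if trailer.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(trailer)) as z:
                report["zip_members"] = z.namelist()
        except zipfile.BadZipFile:
            pass                                   # PK magic but not a usable archive
    return report

if __name__ == "__main__":
    print(scan_png(make_png() + make_zip()))
```

A clean PNG reports trailing_bytes of 0; on a file built like pj_sec.png, png_bytes should match the offset at which binwalk lists the Zip archive and the "extra bytes at beginning" count in the unzip warning.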

Chall no 7

let's guess out of the box https://media.giphy.com/media/3o7527pa7qs9kCG78A/giphy.gif

I just meant outguess

sudo apt install outguess

┌──(kali㉿kali)-[~/hacklido/steg/out]
└─$ ⚡outguess -d flag.txt logo.jpg output_secret.jpg
Reading logo.jpg....
JPEG compression quality set to 75
Extracting usable bits:   39822 bits
Correctable message size: 16611 bits, 41.71%
Encoded 'flag.txt': 192 bits, 24 bytes
Finding best embedding...
    0:   133(59.4%)[69.3%], bias    62(0.47), saved:    -4, total:  0.33%
    1:   107(47.8%)[55.7%], bias    59(0.55), saved:    -1, total:  0.27%
   18:   103(46.2%)[53.6%], bias    45(0.44), saved:     0, total:  0.26%
   31:    98(43.8%)[51.0%], bias    38(0.39), saved:     0, total:  0.25%
31, 136: Embedding data: 192 in 39822
Bits embedded: 224, changed: 98(43.8%)[51.0%], bias: 38, tot: 39860, skip: 39636
Foiling statistics: corrections: 72, failed: 0, offset: 280.966667 +- 329.817346
Total bits changed: 136 (change 98 + bias 38)
Storing bitmap into data...
Writing output_secret.jpg...

so now output_secret.jpg is our chall

looks like an ordinary image

How to retrieve the flag? -r retrieves the message from data

┌──(kali㉿kali)-[~/hacklido/steg/out]
└─$ ⚡outguess -r output_secret.jpg  output                                          
Reading output_secret.jpg....
Extracting usable bits:   39822 bits
Steg retrieve: seed: 31, len: 24
                                                                                                
┌──(kali㉿kali)-[~/hacklido/steg/out]
└─$ ⚡cat output               
flag{be_out_of_the_b0x}

Also, if you need to encrypt with a key, use -[kK] key. That's all!


Chall no 8

let's dive deep into some sounds download

DeepSound is a steganography tool and audio converter that hides secret data into audio files. The application also enables you to extract secret files directly from audio files or audio CD tracks. DeepSound might be used as copyright marking software for wave, FLAC, WMA, ape, and audio CD.

WINDOWS ALERT.. install DeepSound, it's a steg tool too

let's encode using the password: vn

Chall ready. To extract, just open the carrier file, then enter the powerful "vn"

lol this is the secret!


Chall no 9 :

Stegpy

Simple steganography program based on the LSB method. Written in PYTHON link

$ pip3 install stegpy

hide >> stegpy "message to hide" hidden_inside.png
extract >> stegpy _image_name.png

Our mission is to hide the flag (flag{its_her0_time}) and retrieve the same flag from the image

┌──(root💀kali)-[/home/kali/hacklido/steg/stegpy]
└─# stegpy "flag{its_her0_time}" hacklido.png 
Host dimension: 151,875 bytes
Message size: 30 bytes
Maximum size: 37,968 bytes
Ok.
Information encoded in _hacklido.png.
                                                                                         
┌──(root💀kali)-[/home/kali/hacklido/steg/stegpy]
└─# stegpy _hacklido.png 
flag{its_her0_time}

Let's do the same thing with a password now, using the -p flag; password = vn

Chall no 10:

openstego

OpenStego is a steganography application that provides two functionalities: a) Data Hiding: It can hide any data within an image file. b) Watermarking: Watermarking image files with an invisible signature. It can be used to detect unauthorized file copying.

link .deb

sudo dpkg -i openstego.deb

its syntax is roughly the same as steghide's

The first argument must be a command. Valid commands are:
  embed, --embed                Embed message into cover file
  extract, --extract            Extract message from stego file
  gensig, --gensig              Generate a signature for watermarking
  embedmark, --embedmark        Watermark a cover file using signature
  checkmark, --checkmark        Checks for watermark presence in the file
  algorithms, --algorithms      List down supported steganography algorithms
  readformats --readformats     List down supported formats for cover file

and so on, --help makes sense

so first of all our flag is > hacklido{please_gib_me_the_voucher}

Hide

                                                                                   
┌──(root💀kali)-[/home/kali/hacklido/steg/openstego]
└─# openstego embed -mf flag -sf hacklido.png

flag is the file that contains our flag .. Chall is ready

rm flag because we don't need it now. Let's extract it from hacklido.png.

Extract >>

-mf, --messagefile Source message/data file. If this option is not provided or - is provided as the value then the message data is read from stdin

-sf, --stegofile Output stego file containing the embedded message. If this option is not provided or - is provided as the value then the stego file is written to stdout

┌──(root💀kali)-[/home/kali/hacklido/steg/openstego]
└─# openstego extract -sf hacklido.png
Extracted file: flag
                                                                                         
┌──(root💀kali)-[/home/kali/hacklido/steg/openstego]
└─# cat flag
hacklido{please_gib_me_the_voucher}

NICE?


Chall no 11:

Audio stego

AudioStego

Audio file steganography. Hides text or files inside audio files and retrieves them automatically. It actually supports only .mp3 and .wav files as inputs, but you can hide whatever kind of file or text on them.

ahh its not only audio stuffs lol get_it

Hiding data

In order to hide a file inside another file

./hideme file_used_to_hide_data file_to_hide

Or if you want to hide a string on it

./hideme file_used_to_hide_data "'Message to hide'"

(Notice the simple quotation inside double quotes)

Both will output a clone of the file with the hidden data as output.(file extension)

Retrieving hidden data

In order to retrieve a hidden message just set the "-f" or "--find" flag:

./hideme [file_with_hidden_data] -f

┌──(root💀kali)-[/home/kali/hacklido/steg/audio+steg]
└─# hidemein ./hacklido.jpeg "'flag{flag_is_life}'"                     
Doing it boss! 
Spreading level: 148
Header wrote
File has been saved as: output.jpeg
Hiding process has finished successfully.
Cleaning memory...
                                                                                         
┌──(root💀kali)-[/home/kali/hacklido/steg/audio+steg]
└─# ls
hacklido.jpeg  output.jpeg

chall is ready with the name output, just rename it

how to extract? -f is enough boii

Nice


Chall no 12

So what about some online tools? Yep, that's an interesting one too. Let's do 2 challs using online sites.

steganography_online

click > encode

  • scroll down
  • save as the pic

let's try to decode the secret from the image


BOOM flag: flag{i_did_for_hacklido}

NICE


Chall no 12 :

I'm from the future: Future_boy. These pages use the steghide program to perform steganography, and the files generated are fully compatible with steghide lol

WE GOT < WHAT WE DID

Done

There are also lots of other tools and techniques to do steg; soon I'll cover more interesting things. I just covered a few things, hope you like it.

#cyberpj,#hacklido,#giveaway, #knowledgeisfree,#lets_create_ctf_challs
