It's me, PJ, back again with another c00l bl0g
Steganography is the practice of concealing messages or information within other non-secret text or data. There is a wide range of file types and methods of hiding files/data.
an interesting part
It's too medium and easy challs // using the cool hacklido logo :) and so ..
TYPES:
Types of Steganography
Steganography works on different transmission media like images, video, text, or audio. and so
famous tool- steghide
Steghide is a steganography program that is able to hide data in various kinds of image- and audio files. The color- respectively sample-frequencies are not changed thus making the embedding resistant against first-order statistical tests.
we are going to use embed option
embedding options:
-ef, --embedfile select file to be embedded
-ef <filename> embed the file <filename>
-cf, --coverfile select cover-file
-cf <filename> embed into the file <filename>
-p, --passphrase specify passphrase
-p <passphrase> use <passphrase> to embed data
-sf, --stegofile select stego file
-sf <filename> write result to <filename> instead of cover-file
-e, --encryption select encryption parameters
-e <a>[<m>]|<m>[<a>] specify an encryption algorithm and/or mode
-e none do not encrypt data before embedding
-z, --compress compress data before embedding (default)
-z <l> using level <l> (1 best speed...9 best compression)
-Z, --dontcompress do not compress data before embedding
-K, --nochecksum do not embed crc32 checksum of embedded data
-N, --dontembedname do not embed the name of the original file
-f, --force overwrite existing files
-q, --quiet suppress information messages
-v, --verbose display detailed information
Let's hide a flag.txt inside a logo. You can hide js, txt, wav, jpeg, png, etc.
┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡sudo steghide embed -ef flag.txt -cf hacklido.jpeg -p "hacklido"
[sudo] password for kali:
embedding "flag.txt" in "hacklido.jpeg"... done
let's delete the flag.txt and extract the same thing from the hacklido.jpeg
┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡rm flag.txt
Yep, we got the flag by using the password 'hacklido'
Here we are going to see about LSB steganography
Least Significant Bit Steganography
We can describe a digital image as a finite set of digital values, called pixels.
What is a pixel?
Pixels are the smallest individual elements of an image, holding values that represent the brightness of a given color at any specific point. Least Significant Bit (LSB) is a technique in which the last bit of each pixel is modified and replaced with the secret message's data bit.
https://github.com/ragibson/Steganography cool tool for steg
pip3 install stego-lsb
LSBSteg
LSBSteg uses least significant bit steganography to hide a file in the color information of an RGB image (.bmp or .png). For each color channel (R,G,B) in each pixel of the image, we overwrite the least significant bits of the color value with the data from our file. In order to make recovering this data easier, we also hide the file size of our input file in the first few color channels of the image.
How to use
You need Python 3 and Pillow, a fork of the Python Imaging Library (PIL).
Command Line Arguments:
-h, --hide To hide data in an image file
-i, --input TEXT Path to an bitmap (.bmp or .png) image
-s, --secret TEXT Path to a file to hide in the image
⚡stegolsb steglsb -r -i secret.png -n 2 -o secre_output
There is no visible difference between the original and secret.png
How to extract?
┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡stegolsb steglsb -r -i secret.png -n 2 -o secre_output
Files read in 0.08s
26 bytes recovered in 0.00s
Output file written in 0.00s
┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡cat secre_output
hacklido{i_love_hacklido}
Yep, We Got the flag!
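What the hide and recover steps above do to the channel values, as an added example that is not stegolsb's own code: it works on a constructed byte string standing in for the R,G,B values of an image, and the 4-byte big-endian length header is an assumption, not necessarily the tool's real layout.

```python
# Added illustration: LSB hide/recover on raw 8-bit channel values.
# Assumption: 4-byte big-endian length header (not necessarily stegolsb's layout).

def _lsbs(channels: bytes, n: int, count: int) -> str:
    """Concatenate the n low bits of the first `count` channel values."""
    mask = (1 << n) - 1
    return "".join(f"{c & mask:0{n}b}" for c in channels[:count])

def capacity(channels: bytes, n: int = 2) -> int:
    """Largest secret, in bytes, that fits next to the length header."""
    return len(channels) * n // 8 - 4

def hide(channels: bytes, secret: bytes, n: int = 2) -> bytes:
    if len(secret) > capacity(channels, n):
        raise ValueError("secret too large for this cover")
    payload = len(secret).to_bytes(4, "big") + secret
    bits = "".join(f"{b:08b}" for b in payload)
    bits += "0" * (-len(bits) % n)            # pad to whole n-bit groups
    keep = 0xFF ^ ((1 << n) - 1)              # mask that clears the n low bits
    out = bytearray(channels)
    for i in range(len(bits) // n):
        out[i] = (out[i] & keep) | int(bits[i * n:(i + 1) * n], 2)
    return bytes(out)

def recover(channels: bytes, n: int = 2) -> bytes:
    size = int(_lsbs(channels, n, -(-32 // n))[:32], 2)
    total = 32 + 8 * size
    if total > len(channels) * n:
        raise ValueError("length header exceeds capacity: wrong n or no payload")
    bits = _lsbs(channels, n, -(-total // n))[32:total]
    return int(bits, 2).to_bytes(size, "big") if size else b""

# Constructed cover: channel bytes of an imaginary 64x64 RGB image.
COVER = bytes((i * 37 + 11) % 256 for i in range(3 * 64 * 64))

if __name__ == "__main__":
    flag = b"hacklido{i_love_hacklido}\n"
    stego = hide(COVER, flag, n=2)
    print("capacity:", capacity(COVER, 2), "bytes")
    print("max channel change:", max(abs(a - b) for a, b in zip(COVER, stego)))
    print("recovered:", recover(stego, n=2))
```

With n=2 no channel value moves by more than 3 out of 255, which is why the two images look identical, and recovery only works with the same n that was used for hiding.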
By using stegolsb we can do the same thing with a wav file
Here I'm going to use a sample audio file to hide a secret: sample_audio.wav
┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡stegolsb wavsteg --help
Usage: stegolsb wavsteg [OPTIONS]
Hides or recovers data in and from a sound file
Options:
-h, --hide To hide data in a sound file
-r, --recover To recover data from a sound file
-i, --input TEXT Path to a .wav file
-s, --secret TEXT Path to a file to hide in the sound file
-o, --output TEXT Path to an output file
-n, --lsb-count INTEGER How many LSBs to use [default: 2]
-b, --bytes INTEGER How many bytes to recover from the sound file
--help Show this message and exit.
┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡file file_example_WAV_2MG.wav
file_example_WAV_2MG.wav: RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 16000 Hz
┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡stegolsb wavsteg -h -i file_example_WAV_2MG.wav -n 2 -s flag.txt -o lol
Using 2 LSBs, we can hide 268237 bytes
Files read in 0.03s
26 bytes hidden in 0.01s
Output was written in 0.00s
So flag.txt is successfully embedded into the wav file, with the name lol. lol is a wav file too!
┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡file lol
lol: RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 16000 Hz
so how can we extract flag.txt from lol.wav?
┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡stegolsb wavsteg -r -i lol.wav -n 2 -o extracted_flag.txt -b 25
Files read in 0.00s
Recovered 25 bytes in 0.00s
Written output file in 0.00s
┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡cat extracted_flag.txt
hacklido{i_love_hacklido}
It's just a GUI tool
flag{what_if_vn_became_ceo_of_dash} is embedded into the image with the password 'vn'
To extract, do the same thing with the extract option and the password
what if there is a flag.txt file but not visible to us? snow eye lol stegsnow
Stegsnow is a tool for concealing messages in text files by appending tabs and whitespaces at the end of lines. The encoding used by snow relies on the fact that trailing whitespace and new lines won't be displayed in text editors.
┌──(kali㉿kali)-[~/hacklido/steg/stegsnow]
└─$ ⚡cat flag.txt
hacklido is rocking !!!
just a one-line message
┌──(kali㉿kali)-[~/hacklido/steg/stegsnow]
└─$ ⚡sudo stegsnow -C -m "flag{i-love-hacklido}" flag.txt super.txt
Compressed by 24.40%
Message exceeded available space by approximately 504.76%.
An extra 4 lines were added.
(-m : message to hide and also you can use -f to include a whole file)
┌──(kali㉿kali)-[~/hacklido/steg/stegsnow]
└─$ ⚡cat super.txt
hacklido is rocking !!!
┌──(kali㉿kali)-[~/hacklido/steg/stegsnow]
└─$ ⚡
Nothing visible shows up after a stegsnow conceal. -C (compression) is used for both things, hiding and extracting. super.txt is our super-secret flag // now let's decode ~
┌──(kali㉿kali)-[~/hacklido/steg/stegsnow]
└─$ ⚡stegsnow -C super.txt
flag{i-love-hacklido}
BOOM
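Why `cat super.txt` shows nothing, and how to spot it anyway: an added example (not part of stegsnow) that counts the trailing tabs and spaces a whitespace-based tool leaves behind. The sample text is constructed and is not real snow encoding.

```python
# Added illustration: make trailing whitespace, the stegsnow channel, visible.

def whitespace_report(text: str) -> dict:
    """Count trailing spaces/tabs per line and lines made only of whitespace."""
    lines = text.split("\n")
    if lines and lines[-1] == "":
        lines.pop()                              # final newline, not an extra line
    hits = []
    for no, line in enumerate(lines, 1):
        body = line.rstrip(" \t")
        tail = line[len(body):]
        if tail:
            hits.append((no, tail.count(" "), tail.count("\t"), body == ""))
    return {
        "lines": len(lines),
        "lines_with_trailing_ws": len(hits),
        "whitespace_only_lines": sum(1 for h in hits if h[3]),
        "hits": hits,                            # (line no, spaces, tabs, blank?)
    }

def reveal(text: str) -> str:
    """Rewrite trailing whitespace as <SP>/<TAB> markers so it can be read."""
    out = []
    for line in text.split("\n"):
        body = line.rstrip(" \t")
        tail = line[len(body):]
        out.append(body + tail.replace(" ", "<SP>").replace("\t", "<TAB>"))
    return "\n".join(out)

# Constructed samples: a clean cover line, and the same line with whitespace
# appended plus four whitespace-only lines, like the "extra 4 lines" above.
CLEAN = "hacklido is rocking !!!\n"
SAMPLE = "hacklido is rocking !!!  \t   \t \n" + "\t  \t    \n" * 4

if __name__ == "__main__":
    print(whitespace_report(CLEAN))
    print(whitespace_report(SAMPLE))
    print(reveal(SAMPLE))
```

On a real file, `cat -A super.txt` gives a similar view: tabs show as `^I` and each line end as `$`.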
Let's hide a zip file inside a png without any tool, cool right?
- write a flag in a flag.txt and zip the whole directory - our secret
┌──(kali㉿kali)-[~/hacklido/steg/pj/secret]
└─$ ⚡cat flag
lol this is literally a secret 123
to zip
┌──(kali㉿kali)-[~/hacklido/steg/pj]
└─$ ⚡zip -r secret.zip secret
secret.zip just has flag.txt so how can we hide into the png without any tools
simple but cool
┌──(kali㉿kali)-[~/hacklido/steg/pj]
└─$ ⚡cat hacklido.png secret.zip > pj_sec.png
chall is ready so how can we extract the secret.zip from png?
┌──(kali㉿kali)-[~/hacklido/steg/pj]
└─$ ⚡binwalk -e pj_sec.png
DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             PNG image, 225 x 225, 8-bit/color RGB, non-interlaced
41            0x29            Zlib compressed data, best compression
13386         0x344A          Zip archive data, at least v1.0 to extract, name: secret/
13451         0x348B          Zip archive data, at least v1.0 to extract, compressed size: 36, uncompressed size: 36, name: secret/flag
13714         0x3592          End of Zip archive, footer length: 22
After binwalk, navigate into the extracted folder > secret > flag. And also:
┌──(kali㉿kali)-[~/hacklido/steg/pj]
└─$ ⚡unzip pj_sec.png
Archive: pj_sec.png
warning [pj_sec.png]: 13386 extra bytes at beginning or within zipfile
(attempting to process anyway)
creating: secret/
extracting: secret/flag
BOOM
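The check behind the binwalk and unzip results above, as an added example (not code from binwalk): walk the PNG chunks to the IEND chunk and report anything stored after it. The 1x1 PNG and the archive are constructed in memory as stand-ins for hacklido.png and secret.zip.

```python
import io, struct, zipfile, zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def _chunk(kind: bytes, data: bytes) -> bytes:
    crc = zlib.crc32(kind + data)
    return struct.pack(">I", len(data)) + kind + data + struct.pack(">I", crc)

def tiny_png() -> bytes:
    """Constructed 1x1 RGB PNG standing in for hacklido.png."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00\xff\x00\x00")      # filter byte + one red pixel
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")

def tiny_zip() -> bytes:
    """Constructed archive standing in for secret.zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("secret/flag", "lol this is literally a secret 123\n")
    return buf.getvalue()

def png_end(data: bytes) -> int:
    """Walk the chunk list and return the offset just past IEND."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, kind = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length                          # length + type + data + CRC
        if kind == b"IEND" and pos <= len(data):
            return pos
    raise ValueError("truncated PNG: no complete IEND chunk")

def trailing_data(data: bytes) -> dict:
    """Report bytes after IEND, which image viewers typically ignore."""
    end = png_end(data)
    extra = data[end:]
    kind = None if not extra else ("zip" if extra.startswith(b"PK\x03\x04") else "unknown")
    return {"png_size": end, "extra_bytes": len(extra), "kind": kind}

def embedded_names(data: bytes) -> list:
    """Zip readers locate the archive from the end of the file, as unzip did."""
    return zipfile.ZipFile(io.BytesIO(data)).namelist()

if __name__ == "__main__":
    pj_sec = tiny_png() + tiny_zip()                # cat hacklido.png secret.zip > pj_sec.png
    print(trailing_data(pj_sec), embedded_names(pj_sec))
```

A clean PNG reports `extra_bytes: 0`; for the page's pj_sec.png the same walk would end at offset 13386, where binwalk found the zip.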
let's guess out of the box
I just meant outguess
sudo apt install outguess
┌──(kali㉿kali)-[~/hacklido/steg/out]
└─$ ⚡outguess -d flag.txt logo.jpg output_secret.jpg
Reading logo.jpg....
JPEG compression quality set to 75
Extracting usable bits: 39822 bits
Correctable message size: 16611 bits, 41.71%
Encoded 'flag.txt': 192 bits, 24 bytes
Finding best embedding...
0: 133(59.4%)[69.3%], bias 62(0.47), saved: -4, total: 0.33%
1: 107(47.8%)[55.7%], bias 59(0.55), saved: -1, total: 0.27%
18: 103(46.2%)[53.6%], bias 45(0.44), saved: 0, total: 0.26%
31: 98(43.8%)[51.0%], bias 38(0.39), saved: 0, total: 0.25%
31, 136: Embedding data: 192 in 39822
Bits embedded: 224, changed: 98(43.8%)[51.0%], bias: 38, tot: 39860, skip: 39636
Foiling statistics: corrections: 72, failed: 0, offset: 280.966667 +- 329.817346
Total bits changed: 136 (change 98 + bias 38)
Storing bitmap into data...
Writing output_secret.jpg...
so now output_secret.jpg is our chall
looks like an ordinary image
How to retrieve the flag?
-r retrieve the message from data
┌──(kali㉿kali)-[~/hacklido/steg/out]
└─$ ⚡outguess -r output_secret.jpg output
Reading output_secret.jpg....
Extracting usable bits: 39822 bits
Steg retrieve: seed: 31, len: 24
┌──(kali㉿kali)-[~/hacklido/steg/out]
└─$ ⚡cat output
flag{be_out_of_the_b0x}
Also, if you need to encrypt with a key, use: -[kK] key. That's all!
lets dive deep into some sounds download
DeepSound is a steganography tool and audio converter that hides secret data into audio files. The application also enables you to extract secret files directly from audio files or audio CD tracks. DeepSound might be used as copyright marking software for wave, FLAC, WMA, ape, and audio CD.
WINDOWS ALERT.. install DeepSound, it's a steg tool too
let's encode using the password: vn
Chall ready. To extract, just open the carrier file, then enter the powerful "vn"
lol this is the secret!
Chall no 9 :
Simple steganography program based on the LSB method. Written in PYTHON link
$ pip3 install stegpy
hide >> stegpy "message to hide" hidden_inside.png
extract >> stegpy _image_name.png
Our mission: hide the flag (flag{its_her0_time}) and retrieve the same flag from the image
┌──(root💀kali)-[/home/kali/hacklido/steg/stegpy]
└─# stegpy "flag{its_her0_time}" hacklido.png
Host dimension: 151,875 bytes
Message size: 30 bytes
Maximum size: 37,968 bytes
Ok.
Information encoded in _hacklido.png.
┌──(root💀kali)-[/home/kali/hacklido/steg/stegpy]
└─# stegpy _hacklido.png
flag{its_her0_time}
Let's do the same thing with a password, using the -p flag. Password = vn now!
OpenStego is a steganography application that provides two functionalities: a) Data Hiding: It can hide any data within an image file. b) Watermarking: Watermarking image files with an invisible signature. It can be used to detect unauthorized file copying.
sudo dpkg -i openstego.deb
Its syntax is slightly the same as steghide's
The first argument must be a command. Valid commands are:
embed, --embed Embed message into cover file
extract, --extract Extract message from stego file
gensig, --gensig Generate a signature for watermarking
embedmark, --embedmark Watermark a cover file using signature
checkmark, --checkmark Checks for watermark presence in the file
algorithms, --algorithms List down supported steganography algorithms
readformats --readformats List down supported formats for cover file
and so --help makes sense
so first of all our flag is > hacklido{please_gib_me_the_voucher}
Hide
┌──(root💀kali)-[/home/kali/hacklido/steg/openstego]
└─# openstego embed -mf flag -sf hacklido.png
flag is the file that contains our flag .. Chall is ready
rm flag
because we don't need this now
let's extract them from hacklido.png
Extract >>
-mf, --messagefile Source message/data file. If this option is not provided or - is provided as the value then the message data is read from stdin
-sf, --stegofile Output stego file containing the embedded message. If this option is not provided or - is provided as the value then the stego file is written to stdout
┌──(root💀kali)-[/home/kali/hacklido/steg/openstego]
└─# openstego extract -sf hacklido.png
Extracted file: flag
┌──(root💀kali)-[/home/kali/hacklido/steg/openstego]
└─# cat flag
hacklido{please_gib_me_the_voucher}
AudioStego
Audio file steganography. Hides text or files inside audio files and retrieves them automatically. It actually supports only .mp3 and .wav files as inputs, but you can hide whatever kind of file or text in them.
ahh it's not only audio stuff lol get_it
Hiding data
In order to hide a file inside another file
./hideme file_used_to_hide_data file_to_hide
Or if you want to hide a string on it
./hideme file_used_to_hide_data "'Message to hide'"
(Notice the simple quotation inside double quotes)
Both will output a clone of the file with the hidden data as output.(file extension)
Retrieving hidden data
In order to retrieve a hidden message just set the "-f" or "--find" flag:
./hideme [file_with_hidden_data] -f
┌──(root💀kali)-[/home/kali/hacklido/steg/audio+steg]
└─# hidemein ./hacklido.jpeg "'flag{flag_is_life}'"
Doing it boss!
Spreading level: 148
Header wrote
File has been saved as: output.jpeg
Hiding process has finished successfully.
Cleaning memory...
┌──(root💀kali)-[/home/kali/hacklido/steg/audio+steg]
└─# ls
hacklido.jpeg output.jpeg
chall is ready with the name output, just rename it
So what about some online tools? Yep, that's an interesting one too. Let's do 2 challs using online sites
steganography_online
click > encode
- scroll down
- save as the pic
let's try to decode the secret from the image
BOOM flag: flag{i_did_for_hacklido}
I'm from the future: Future_boy
These pages use the steghide program to perform steganography, and the files generated are fully compatible with steghide lol
WE GOT < WHAT WE DID
// And also there are lots of tools and techniques to do steg; soon I'll cover more interesting things
// I just covered a few things, hope you like it
#cyberpj,#hacklido,#giveaway, #knowledgeisfree,#lets_create_ctf_challs