Steganography

TryHackMe ROOM: https://tryhackme.com/room/ccstego

Steganography (stego) is the art of concealing something inside something else, for example a message inside a JPG file or a binary inside a PNG. More broadly, it means hiding bad things inside good things.

This is just a basic room that introduces various stego tools. The tools introduced here are:

  • steghide : image and audio files (JPEG, BMP, WAV, AU) are supported as cover files; there is no restriction on the format of the secret data.
  • zsteg : images (PNG, BMP) are supported as cover files.
  • exiftool : a tool that allows you to view and edit image metadata.
  • stegoveritas : images (JPG, PNG, GIF, TIFF, BMP); it supports just about every image file.
  • spectrograms : spectrogram steganography is the art of hiding an image inside an audio file’s spectrogram. So, when dealing with an audio file, we will try to analyze its spectrogram.

Many of these tools may not be present on the system by default, so it’s advisable to install them before doing this room. I am using Manjaro and will try to include both the “apt” and “pacman” installation commands.

Also download the attachment given in the room to do the assignment.

Extract the zip file using

unzip spect.zip

After cd into the extracted directory, on listing we get

“ls -l”

Steghide

Debian Install : sudo apt install steghide

Arch Install : sudo pacman -S blackarch, then search for steghide and type the corresponding number.

After installation we should run man steghide, which shows us the basic commands:

There is a hidden message in jpeg1.jpeg and a passphrase is given too, so we need to extract it. After referring to the help menu, the command takes the form:

steghide extract -sf filename.jpeg -p givenPassphrase

We will get our output file, named “a.txt” by default.

Zsteg

Debian/Arch Install : Ruby should be installed on the system. To install “zsteg”, run

gem install zsteg

zsteg is to PNGs what steghide is to JPGs. It supports various techniques to extract any and all data from PNG files, and it detects various LSB stego as well as the openstego and camouflage tools. Running the following command, we can get the hidden information:

zsteg filename.png
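To show what "LSB stego" detection involves, here is an added example (not part of the room or of zsteg's own code) that reads the lowest bit of each colour channel from raw RGB bytes and tries every channel order and bit order. The cover bytes, payload and function names are constructed for the illustration, and the layout labels are the example's own.

```python
import string
from itertools import permutations

PRINTABLE = set(string.printable.encode()) - set(b"\x0b\x0c")

def embed_lsb(cover: bytes, payload: bytes) -> bytes:
    """Build the constructed sample: payload bits, MSB first, into bit 0 of each byte."""
    bits = [(b >> (7 - i)) & 1 for b in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover too small for payload")
    out = bytearray(cover)
    for pos, bit in enumerate(bits):
        out[pos] = (out[pos] & 0xFE) | bit   # only the lowest bit changes
    return bytes(out)

def extract_lsb(pixels: bytes, order: str, msb_first: bool, nbytes: int) -> bytes:
    """Read bit 0 of each channel, pixel by pixel, in the given channel order."""
    offsets = ["rgb".index(c) for c in order]
    bits = [pixels[p + o] & 1
            for p in range(0, len(pixels) - 2, 3) for o in offsets]
    out = bytearray()
    for i in range(0, min(len(bits), nbytes * 8) - 7, 8):
        chunk = bits[i:i + 8]
        if not msb_first:
            chunk = chunk[::-1]              # first bit read is the least significant
        out.append(int("".join(map(str, chunk)), 2))
    return bytes(out)

def scan(pixels: bytes, nbytes: int = 16) -> dict:
    """Try every channel order and both bit orders; keep layouts that decode to text."""
    hits = {}
    for perm in permutations("rgb"):
        order = "".join(perm)
        for msb_first in (True, False):
            data = extract_lsb(pixels, order, msb_first, nbytes)
            if data and all(b in PRINTABLE for b in data):
                hits[(order, msb_first)] = data
    return hits

# Constructed sample: 200 RGB pixels of filler bytes and a made-up payload.
COVER = bytes((i * 37 + 11) % 256 for i in range(600))
PAYLOAD = b"flag{constructed-sample}"
STEGO = embed_lsb(COVER, PAYLOAD)

if __name__ == "__main__":
    for (order, msb_first), data in scan(STEGO).items():
        print(order, "msb-first" if msb_first else "lsb-first", data)
```

Each pixel byte differs from the cover by at most 1, which is why the change is invisible to the eye and why a scanner has to enumerate layouts instead of looking at the picture.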

Exiftool

Debian Install : sudo apt install exiftool

Arch Install : sudo pacman -S perl-image-exiftool

Check out the metadata of media files. Run:

exiftool filename.jpeg
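As an added illustration of where such metadata lives (this is not exiftool's code), the sketch below walks the header segments of a JPEG and returns any comment (COM) segments, one of the places a tool like exiftool reads text from. The sample bytes are constructed, and the helper names are this example's own.

```python
import struct

NAMES = {0xE0: "APP0", 0xE1: "APP1", 0xFE: "COM",
         0xDB: "DQT", 0xC0: "SOF0", 0xC4: "DHT"}

def jpeg_segments(data: bytes):
    """Return [(marker_name, payload)] for header segments up to start-of-scan."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos, found = 2, []
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker in (0xDA, 0xD9):           # SOS or EOI: header segments are over
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("truncated or malformed segment")
        name = NAMES.get(marker, f"0x{marker:02X}")
        found.append((name, data[pos + 4:pos + 2 + length]))
        pos += 2 + length                    # length counts its own two bytes
    return found

def comments(data: bytes):
    """Text of every COM segment, decoded byte-for-byte."""
    return [p.decode("latin-1") for n, p in jpeg_segments(data) if n == "COM"]

def seg(marker: int, payload: bytes) -> bytes:
    """Helper used only to build the constructed sample below."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: SOI, a JFIF APP0 header, one comment, then SOS and EOI.
SAMPLE = (b"\xff\xd8"
          + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + seg(0xFE, b"constructed-note")
          + b"\xff\xda" + b"\xff\xd9")

if __name__ == "__main__":
    for name, payload in jpeg_segments(SAMPLE):
        print(name, len(payload), "bytes")
    print(comments(SAMPLE))
```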

Stegoveritas

Debian/Arch Install : pip3 install stegoveritas && stegoveritas_install_deps

We can also use BlackArch to install it on Arch.

Now we can run it as

stegoveritas jpeg2.jpeg 

We get our hidden message in a file in the “results” folder; see for yourself 🙂

Spectrograms

We will solve this problem using the GUI tool sonic-visualiser, which upon opening gives a window like this:

Add a file and then click Layer->Add Spectrogram. For the wav1 file in the example it is as follows:

Layer->Add Spectrogram

That’s it. We can clearly see the letter “A” hidden, which was our message here.

TL;DR : Using steganography (i.e. covered writing), we can hide a secret message in otherwise not-so-secret mediums (and that’s where it differs from cryptography, i.e. secret writing).

It was just a basic room, nothing fancy here :))

The Final Exam – Practicing the tools learnt above

Connect to the lab using openvpn:

sudo openvpn /path/to/downloads/username.openvpn 

Doing a “nikto” scan on the IP of the virtual server:

sudo nikto -h IP_of_the_virtual_server

We get the output as follows; you can see a web server is running on port 80:

So we will type the target IP in our browser as target_IP:80. We get this page:

This is a JPEG file.

So from this lesson we have 2 tools to deal with JPEG images, steghide & stegoveritas, and 1 tool (exiftool) to get metadata.

We will first try steghide here:

steghide extract -sf exam1.jpeg

But it will prompt us for a passphrase (we have no passphrase right now), so we will try to find something in the metadata using exiftool:

exiftool exam1.jpeg

We get the passphrase from the metadata. Running steghide once again with the passphrase flag (here, I am just showing a placeholder for the passphrase):

steghide extract -sf exam1.jpeg -p theNewlyFoundPassphrase

We get the key. After submitting it, in the next challenge we have to download a wav file, load it in sonic-visualiser and apply a spectrogram layer (click Layer->Add Spectrogram). We get a URL, and when we go to that URL we get an image (PNG):

exam2.png

We will try zsteg here:

zsteg exam2.png

Voila, we have the 2nd key. Upon submitting it we get to the next page.

Downloading the image and running zsteg as zsteg exam3.png gives us a dead end.

Scanning the QR code returns nothing because the image is bad. Here we will use stegoveritas, which also has color correction features that may result in a readable QR code:

stegoveritas exam3.png

We can see stegoveritas has created a “results” folder in which many versions of “exam3.png” have been generated. Upon scanning any of these QR codes that has high contrast, we will get the key.