Embedded Files
Let's become familiar with steganography!
Steghide
Steghide
steghide is one of the popular steganography tools that is able to hide a message inside an image. The advantage of using it is that it can encrypt data with a passphrase and the only way to unlock is having that password or otherwise you can't extract any data from it.
Install steghide by typing sudo apt install steghide.
-Download the given task files and extract it
-To extract a file, type steghide extract -sf <file.name>
-once extracted, then it will give you a text file
-check it
zsteg
zsteg
zsteg is to png's what steghide is to jpg's. It allows you to extract any and all data from png files.
install zsteg: gem install zsteg
extract png file: zsteg png1.png
To see what options are used with zsteg, type zsteg --help
Exiftool
Exiftool
Exiftool is a tool that works with metadata in image. Metadata is data that describes other data.
Exiftool allows you to edit or view image metadata. You can simply install it by typing sudo apt install exiftool.
As you can see, when you simply type exiftool <image filename>, it shows you the data about the image file like document name, file type, and etc.
Stegoveritas
Stegoveritas
Stegoveritas is a very useful steganography tool that can extract any type of data from every image, audio, video file types. It can work the same as exiftool, steghide, and even color correction.
Download stegoveritas: pip3 install stegoveritas -> stegoveritas_install_deps
stegoveritas <jpeg file>
It will create a new directory -> go to results -> cat steghide:
Spectrograms
Spectrograms
Spectrograms steganography is a method of hiding a message inside an audio file. It's worth to use it whenever you deal with audio stego. We are going to use Sonic Visualizer (go to https://www.sonicvisualiser.org/download.html) to analyze the spectrogram of the audio. For linux user, download it and go to properties and click 'allow this program to run'.
Open Sonic Visualizer -> Click file->open -> select file you want to analyze -> click Layer -> add a spectrogram
The Final Exam
The Final Exam
What is key 1?
-> go to IP_Address -> download an image -> exiftool exam1.jpeg -> password=admin -> steghide extract -sf exam1.jpeg -> cat a.txt -> get the key
What is key 2?
-> Download the audio file -> open Sonic Visualizer -> go to https://imgur.com//KT***** -> Download the png file -> zsteg <png file> -> get the key
What is key 3?
-> Download the png file -> stegoveritas <png file> -> go to results -> you have to manually put 50 different versions of QR code until you get the key when you decode an image through https://zxing.org/w/decode.jspx -> get the key
Page updated
Google Sites
Report abuse