How To Create Steganography Challenges #13
Hello, amazing hackers! Let's create some steganography challenges!
$ Whoami
>> Paul Jeremiah aka cyberpj
>> passionate about cyber security
>> 0xcyberpj.me/my-blog
Shall we start?
═════════════════════════════════════════════
Steganography is the practice of concealing messages or information within other non-secret text or data. There is a wide range of file types and methods of hiding files/data.
Types:
Steganography works on different transmission media such as images, video, text, or audio, and so on.
#1 Steghide
Steghide is a steganography program that is able to hide data in various kinds of image- and audio files. The color- respectively sample-frequencies are not changed thus making the embedding resistant against first-order statistical tests.
We are going to use the embed option. Let's hide a flag.txt inside a logo; you can hide js, txt, wav, jpeg, png, etc.
┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡sudo steghide embed -ef flag.txt -cf hacklido.jpeg -p "hacklido"
password for kali:
embedding in ... done
Let's delete flag.txt and extract the same thing from hacklido.jpeg.
┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡rm flag.txt
Yep, we got the flag by using the password ‘hacklido’.
Flag: hacklido{i_love_hacklido}
═════════════════════════════════════════════
#2 stego-lsb
Here we are going to look at LSB (Least Significant Bit) steganography.
We can describe a digital image as a finite set of digital values, called pixels.
What is a pixel?
Pixels are the smallest individual elements of an image, holding values that represent the brightness of a given color at any specific point.
Least Significant Bit (LSB) is a technique in which the last bit of each pixel is modified and replaced with a data bit of the secret message.
A cool tool for steg: https://github.com/ragibson/Steganography
pip3 install stego-lsb
LSBSteg
LSBSteg uses least significant bit steganography to hide a file in the color information of an RGB image (.bmp or .png). For each color channel (R,G,B) in each pixel of the image, we overwrite the least significant bits of the color value with the data from our file. In order to make recovering this data easier, we also hide the file size of our input file in the first few color channels of the image.
How to use
You need Python 3 and Pillow, a fork of the Python Imaging Library (PIL).
Command Line Arguments:
-h, --hide To hide data in an image file
-i, --input TEXT Path to an bitmap (.bmp or .png) image
-s, --secret TEXT Path to a file to hide in the image
How to extract?
$ stegolsb steglsb -r -i secret.png -n 2 -o secre_output
┌──(kali㉿kali)-[~/hacklido/steg]
└─$ cat secre_output
hacklido{i_love_hacklido}
Yep, We Got the flag!
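The per-channel overwrite and the stored file size described for LSBSteg can be shown on a bare sequence of channel values. This is an added example, not code from the post or from stego-lsb; the 4-byte length header, the function names and the constructed COVER values are assumptions made for illustration.

```python
import struct

HEADER = 4  # assumed layout: 4-byte big-endian length prefix (illustrative only)

def _split(data: bytes, n: int) -> list:
    """Cut data into n-bit values, most significant bits first."""
    bits = "".join(f"{b:08b}" for b in data)
    bits += "0" * (-len(bits) % n)              # pad the final chunk
    return [int(bits[i:i + n], 2) for i in range(0, len(bits), n)]

def _join(chunks, n: int, nbytes: int) -> bytes:
    """Inverse of _split: rebuild nbytes bytes from n-bit values."""
    bits = "".join(f"{c:0{n}b}" for c in chunks)
    return bytes(int(bits[i:i + 8], 2) for i in range(0, nbytes * 8, 8))

def capacity(channels: bytes, n: int) -> int:
    """Secret bytes that fit when n LSBs of every channel are used."""
    return len(channels) * n // 8 - HEADER

def hide(channels: bytes, secret: bytes, n: int = 2) -> bytes:
    if len(secret) > capacity(channels, n):
        raise ValueError("secret does not fit in this cover")
    out = bytearray(channels)
    keep = 0xFF ^ ((1 << n) - 1)                # mask that clears the n LSBs
    payload = struct.pack(">I", len(secret)) + secret
    for i, chunk in enumerate(_split(payload, n)):
        out[i] = (out[i] & keep) | chunk
    return bytes(out)

def recover(channels: bytes, n: int = 2) -> bytes:
    low = [v & ((1 << n) - 1) for v in channels]
    need = lambda nbytes: -(-nbytes * 8 // n)   # chunks covering nbytes
    (size,) = struct.unpack(">I", _join(low[:need(HEADER)], n, HEADER))
    if size > capacity(channels, n):
        raise ValueError("implausible length header: probably no payload")
    return _join(low[:need(HEADER + size)], n, HEADER + size)[HEADER:]

# Constructed cover: 200 RGB pixels flattened to 600 channel values.
COVER = bytes((i * 37) % 256 for i in range(600))
FLAG = b"hacklido{i_love_hacklido}"

if __name__ == "__main__":
    stego = hide(COVER, FLAG, n=2)
    print(recover(stego, n=2), max(abs(a - b) for a, b in zip(COVER, stego)))
```

With 2 LSBs no channel value moves by more than 3, which is why the image looks unchanged while the low bits of the first channels no longer look like the rest of the picture.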
═════════════════════════════════════════════
#3 stegolsb in wav file :)
Here I’m going to use a sample audio file (sample_audio.wav) to hide a secret.
┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡stegolsb wavsteg --help
Usage: stegolsb wavsteg [OPTIONS]
Hides or recovers data in and from a sound file
Options:
-h, --hide To hide data in a sound file
-r, --recover To recover data from a sound file
-i, --input TEXT Path to a .wav file
-s, --secret TEXT Path to a file to hide in the sound file
-o, --output TEXT Path to an output file
-n, --lsb-count INTEGER How many LSBs to use [default: 2]
-b, --bytes INTEGER How many bytes to recover from the sound file
--help Show this message and exit
┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡file file_example_WAV_2MG.wav
file_example_WAV_2MG.wav: RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 16000 Hz
┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡stegolsb wavsteg -h -i file_example_WAV_2MG.wav -n 2 -s flag.txt -o lol
Using 2 LSBs, we can hide 268237 bytes
Files read in 0.03s
26 bytes hidden in 0.01s
Output was written in 0.00s
So flag.txt is successfully embedded into the wav file, written out under the name lol. lol is a wav file too!
┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡file lol
lol: RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 16000 Hz
so how can we extract flag.txt from lol.wav?
┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡stegolsb wavsteg -r -i lol.wav -n 2 -o extracted_flag.txt -b 25
┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡ cat extracted_flag.txt
hacklido{i_love_hacklido}
═════════════════════════════════════════════
#4 Stegosuite
stegosuite-(used by vn)
sudo apt install stegosuite
Open stegosuite
stegosuite
flag{what_if_vn_become_ceo_of_dash} is embedded into the image with the password ‘vn’. To extract, do the same thing with the extract option and the password.
That's All
═════════════════════════════════════════════
#5 Stegsnow
- what if there is a flag.txt file but not visible to us?
- snow eye stegsnow
Stegsnow is a tool for concealing messages in text files by appending tabs and spaces at the end of lines. The encoding used by snow relies on the fact that trailing whitespace and newlines won’t be displayed in text editors.
What's in flag.txt?
┌──(kali㉿kali)-[~/hacklido/steg/stegsnow]
└─$ ⚡cat flag.txt
hacklido is rocking !!!
┌──(kali㉿kali)-[~/hacklido/steg/stegsnow]
└─$ ⚡sudo stegsnow -C -m "flag{i-love-hacklido}" flag.txt super.txt
Compressed by 24.40%
Message exceeded available space by approximately 504.76%.
An extra 4 lines were added.
So now what's in super.txt?
┌──(kali㉿kali)-[~/hacklido/steg/stegsnow]
└─$ ⚡cat super.txt
hacklido is rocking !!!
Nothing visible has changed, even after the stegsnow conceal.
-C is used for both things, concealing and extracting. super.txt is our super-secret flag. How?
Let’s decode ~
┌──(kali㉿kali)-[~/hacklido/steg/stegsnow]
└─$ ⚡stegsnow -C super.txt
flag{i-love-hacklido}
BOOM
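Because the carrier is trailing whitespace, a file like super.txt can be checked by making the ends of its lines visible. This added example (not from the original post, and not snow's decoder) lists every line that ends in spaces or tabs; the sample text is constructed and does not reproduce real stegsnow output, and the function names are illustrative.

```python
def trailing_whitespace(text: str) -> list:
    """Return (line number, rendering) for each line ending in spaces or tabs.

    The rendering shows a space as S and a tab as T so the run becomes visible.
    """
    found = []
    for number, line in enumerate(text.splitlines(), start=1):
        tail = line[len(line.rstrip(" \t")):]
        if tail:
            found.append((number, tail.replace(" ", "S").replace("\t", "T")))
    return found

def summarize(text: str) -> dict:
    """Counts a reviewer can compare between a suspect file and a known-clean copy."""
    hits = trailing_whitespace(text)
    lines = text.splitlines()
    return {
        "lines": len(lines),
        "flagged": [n for n, _ in hits],
        # Lines made only of whitespace: candidates for lines appended to gain space.
        "whitespace_only": [n for n, _ in hits if not lines[n - 1].strip(" \t")],
        "hidden_chars": sum(len(tail) for _, tail in hits),
    }

def _ws(pattern: str) -> str:
    """Build a whitespace run from a visible pattern (S = space, T = tab)."""
    return pattern.replace("S", " ").replace("T", "\t")

# Constructed samples: same visible text, second one padded with whitespace.
CLEAN = "hacklido is rocking !!!\n"
CARRIER = ("hacklido is rocking !!!" + _ws("TSSSTST") + "\n"
           + _ws("TSSTSSSST") + "\n"
           + _ws("SSTSTSS") + "\n")

if __name__ == "__main__":
    print(summarize(CLEAN))
    print(summarize(CARRIER))
    for number, tail in trailing_whitespace(CARRIER):
        print(f"line {number}: {tail}")
```

A visible-text diff of the two samples shows only empty lines; the byte counts and the flagged line numbers are what give the carrier away.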
═════════════════════════════════════════════
#6 Embedding a Zip into a PNG
let’s hide a zip file inside a png without any tool
- write a flag in a flag.txt and zip a whole directory
our secret:
┌──(kali㉿kali)-[~/hacklido/steg/pj/secret]
└─$ ⚡cat flag 12
lol this is literally a secret 123
to zip
┌──(kali㉿kali)-[~/hacklido/steg/pj]
└─$ ⚡zip -r secret.zip secret
secret.zip just has flag.txt. So how can we hide it in the png without any tools?
Simple but cool: cat
┌──(kali㉿kali)-[~/hacklido/steg/pj]
└─$ ⚡cat hacklido.png secret.zip > pj_sec.png
The chall is ready. So how can we extract secret.zip from the png?
Binwalk, unzip, foremost, etc.
┌──(kali㉿kali)-[~/hacklido/steg/pj]
└─$ ⚡binwalk -e pj_sec.png
DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             PNG image, 225 x 225, 8-bit/color RGB, non-interlaced
41            0x29            Zlib compressed data, best compression
13386         0x344A          Zip archive data, at least v1.0 to extract, name: secret/
13451         0x348B          Zip archive data, at least v1.0 to extract, compressed size: 36, uncompressed size: 36, name: secret/flag
13714         0x3592          End of Zip archive, footer length: 22
After binwalk, navigate into the extracted folder > secret > flag
and also
┌──(kali㉿kali)-[~/hacklido/steg/pj]
└─$ ⚡unzip pj_sec.png
Archive: pj_sec.png
warning [pj_sec.png] 13386 extra bytes at beginning or within zipfile (attempting to process anyway)
creating: secret/
extracting: secret/flag
BOOM
═════════════════════════════════════════════
#7 Out Guess
let’s guess out of the box
> I just meant outguess
sudo apt install outguess
┌──(kali㉿kali)-[~/hacklido/steg/out]
└─$ ⚡outguess -d flag.txt logo.jpg output_secret.jpg
Reading logo.jpg....
JPEG compression quality set to 75
Extracting usable bits: 39822 bits
Correctable message size: 16611 bits, 41.71%
Encoded : 192 bits, 24 bytes
Finding best embedding...
0: 133(59.4%)[69.3%], bias 62(0.47), saved: -4, total: 0.33%
1: 107(47.8%)[55.7%], bias 59(0.55), saved: -1, total: 0.27%
18: 103(46.2%)[53.6%], bias 45(0.44), saved: 0, total: 0.26%
31: 98(43.8%)[51.0%], bias 38(0.39), saved: 0, total: 0.25%
31, 136: Embedding data: 192 in 39822
Bits embedded: 224, changed: 98(43.8%)[51.0%], bias: 38, tot: 39860, skip: 39636
Foiling statistics: corrections: 72, failed: 0, offset: 280.966667 +- 329.817346
Total bits changed: 136 (change 98 + bias 38)
Storing bitmap into data...
Writing output_secret.jpg...
so now output_secret.jpg is our chall
looks like an ordinary image
How to retrieve the flag?
-r retrieve the message from data
┌──(kali㉿kali)-[~/hacklido/steg/out]
└─$ ⚡outguess -r output_secret.jpg output
Reading output_secret.jpg....
Extracting usable bits: 39822 bits
Steg retrieve: seed: 31, len: 24
┌──(kali㉿kali)-[~/hacklido/steg/out]
└─$ ⚡cat output
flag{be_out_of_the_b0x}
Also, if you need to encode with a key:
-[kK] <key> key
that’s all !
═════════════════════════════════════════════
#8 Deep Sound
let's dive deep into some sounds
DeepSound is a steganography tool and audio converter that hides secret data into audio files. The application also enables you to extract secret files directly from audio files or audio CD tracks. DeepSound might be used as copyright marking software for wave, FLAC, WMA, ape, and audio CD.
WINDOWS ALERT..
Install DeepSound; it is a steg tool too.
Let’s encode using the password: vn
The chall is ready. To extract, just open the carrier file, then enter the powerful “vn”.
lol, this is the secret!
═════════════════════════════════════════════
# 9 StegPy
Simple steganography program based on the LSB method.
Written in Python.
$ pip3 install stegpy
1. hide >> stegpy "message to hide" hidden_inside.png
2. extract >> stegpy _image_name.png
Our mission to hide the flag (flag{its_her0_time})
and retrieve the same flag from the image
┌──(root💀kali)-[/home/kali/hacklido/steg/stegpy]
└─# stegpy "flag{its_her0_time}" hacklido.png
Host dimension: 151,875 bytes
Message size: 30 bytes
Maximum size: 37,968 bytes
Ok. Information encoded in _hacklido.png
To retrieve Flag :
┌──(root💀kali)-[/home/kali/hacklido/steg/stegpy]
└─# stegpy _hacklido.png
flag{its_her0_time}
Let's do the same thing with a password now: the -p flag, password = vn!
═════════════════════════════════════════════
#10 Openstego
OpenStego is a steganography application that provides two functionalities:
a) Data Hiding: It can hide any data within an image file.
b) Watermarking: Watermarking image files with an invisible signature. It can be used to detect unauthorized file copying
Deb link: https://github.com/syvaidya/openstego/releases/download/openstego-0.8.0/openstego_0.8.0-1_all.deb
sudo dpkg -i openstego.deb
The syntax is somewhat similar to steghide's.
The first argument must be a command. Valid commands are:
embed, --embed Embed message into cover file
extract, --extract Extract message from stego file
gensig, --gensig Generate a signature for watermarking
embedmark, --embedmark Watermark a cover file using signature
checkmark, --checkmark Checks for watermark presence in the file
algorithms, --algorithms List down supported steganography algorithms
readformats, --readformats List down supported formats for cover file
and so --help makes sense
so first of all our flag is > hacklido{please_Help_me}
To Hide :
┌──(root💀kali)-[/home/kali/hacklido/steg/openstego]
└─# openstego embed -mf flag -sf hacklido.png
flag is the file that contains our flag. The chall is ready.
rm flag
We don't need this file any more, so now let's extract it from hacklido.png.
Extract >> :
-mf, --messagefile Source message/data file. If this option is not provided or - is provided as the value then the message data is read from stdin
-sf, --stegofile Output stego file containing the embedded message. If this option is not provided or - is provided as the value then the stego file is written to stdout
┌──(root💀kali)-[/home/kali/hacklido/steg/openstego]
└─# openstego extract -sf hacklido.png
Extracted file: flag
┌──(root💀kali)-[/home/kali/hacklido/steg/openstego]
└─# cat flag
hacklido{please_Help_me}
═════════════════════════════════════════════
#11 AudioStego
Audio steganography
AudioStego: audio file steganography. Hides text or files inside audio files and retrieves them automatically. It actually supports only .mp3 and .wav files as inputs, but you can hide whatever kind of file or text in them.
ahh it's not only audio stuff lol
https://github.com/danielcardeenas/AudioStego/blob/master/BuildRelease/HideMeIn?raw=true
> Hiding data
In order to hide a file inside another file:
./hideme file_used_to_hide_data file_to_hide
Or if you want to hide a string in it:
./hideme file_used_to_hide_data "'Message to hide'"
(Notice the single quotes inside the double quotes)
Both will output a clone of the file with the hidden data as output.(file extension)
> Retrieving hidden data
In order to retrieve a hidden message just set the "-f" or "--find" flag:
./hideme [file_with_hidden_data] -f
┌──(root💀kali)-[/home/kali/hacklido/steg/audio+steg]
└─# hidemein ./hacklido.jpeg "'flag{flag_is_life}'"
Doing it boss!
Spreading level: 148
Header wrote
File has been savedas: output.jpeg
Hiding process has finished successfully.
Cleaning memory...
┌──(root💀kali)-[/home/kali/hacklido/steg/audio+steg]
└─# ls
hacklido.jpeg output.jpeg
The chall is ready under the name output; just rename it!!
Nice
═════════════════════════════════════════════
#12 Stylesuxx
so what about some online tools
Yep, that's an interesting one too. Let's do 2 challs using online sites: steganography_online
- click > encode
- scroll down
- save as the pic
let’s try to decode the secret from the image
flag: flag{i_did_for_hacklido}
═════════════════════════════════════════════
# 13 Future Boy steg
These pages use the steghide program to perform steganography, and the files generated are fully compatible with steghide lol
WE GOT < WHAT WE DID
═════════════════════════════════════════════
# DONE, THATS ALL FOR NOW TRY THEM ALL :)
// There are also lots of other tools and techniques for steg, and I will cover more interesting things soon. I just covered a few things here, hope you like it.
Thanks For Reading :)
PS : Thanks Hacklido for The logo :)
#cyberpj,#hacklido,#lets_create_ctf_challs, #ctf, #steg, #foren, #jeopardy #tamilctf #ctfplayer #0xcyberpj