How To Create Steganography Challenges #13

P4ul Jeremi4h
10 min read · Oct 12, 2021

Hello, amazing hackers! Let's create some steganography challenges!

$ Whoami

>> Paul jeremiah  aka cyberpj 
>> passionate about cyber security
>> 0xcyberpj.me/my-blog

Shall we start?

═════════════════════════════════════════════

Steganography is the practice of concealing messages or information within other non-secret text or data. There is a wide range of file types and methods of hiding files/data.

Types:

Steganography works on different transmission media such as images, video, text, or audio, and so on.

#1 Steghide

Steghide is a steganography program that is able to hide data in various kinds of image- and audio files. The color- respectively sample-frequencies are not changed thus making the embedding resistant against first-order statistical tests.

We are going to use the embed option. Let's hide a flag.txt inside a logo; you can hide js, txt, wav, jpeg, png, etc.

┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡sudo steghide embed -ef flag.txt -cf hacklido.jpeg -p "hacklido"
password for kali:
embedding in ... done

let’s delete the flag.txt and extract the same thing from the hacklido.jpeg

┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡rm flag.txt

Yep, we got the flag by using the password 'hacklido'.

Flag: hacklido{i_love_hacklido}

═════════════════════════════════════════════

#2 stego-lsb

Here we are going to look at LSB steganography.

Least Significant Bit Steganography

We can describe a digital image as a finite set of digital values, called pixels.

What is a pixel?

Pixels are the smallest individual elements of an image, holding values that represent the brightness of a given color at any specific point. Least Significant Bit (LSB) is a technique in which the last bit of each pixel is modified and replaced with the secret message's data bit.

https://github.com/ragibson/Steganography cool tool for steg

pip3 install stego-lsb

LSBSteg

LSBSteg uses least significant bit steganography to hide a file in the color information of an RGB image (.bmp or .png). For each color channel (R,G,B) in each pixel of the image, we overwrite the least significant bits of the color value with the data from our file. In order to make recovering this data easier, we also hide the file size of our input file in the first few color channels of the image.

How to use

You need Python 3 and Pillow, a fork of the Python Imaging Library (PIL).

Command Line Arguments:
-h, --hide To hide data in an image file
-i, --input TEXT Path to an bitmap (.bmp or .png) image
-s, --secret TEXT Path to a file to hide in the image

There is no visible difference between the original and secret.png.

how to extract?

$ stegolsb steglsb -r -i secret.png -n 2 -o secre_output
┌──(kali㉿kali)-[~/hacklido/steg]
└─$ cat secre_output
hacklido{i_love_hacklido}

Yep, We Got the flag!
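The scheme described in the LSBSteg paragraph above (data written into the low bits of each color channel, with the file size stored first), as an added example that is not code from the original post or from stego-lsb. It works on a flat sequence of channel values rather than an image file; the 4-byte size header, the function names and the constructed cover bytes are assumptions made here.

```python
# Added example: LSB embedding over a flat sequence of 8-bit channel values.
HEADER = 4  # assumption: 4-byte big-endian size header; stego-lsb's own layout may differ

def capacity(channels, n):
    """Payload bytes that fit when n low bits of every channel are used."""
    return len(channels) * n // 8 - HEADER

def _groups(data, n):
    """Split data into n-bit groups, most significant first, zero-padded at the end."""
    pad = -len(data) * 8 % n
    acc = int.from_bytes(data, "big") << pad
    return [(acc >> s) & ((1 << n) - 1) for s in range(len(data) * 8 + pad - n, -1, -n)]

def _read(channels, nbytes, n):
    """Rebuild nbytes from the n low bits of the leading channels."""
    count = -(-nbytes * 8 // n)  # ceil(bits / n)
    acc = 0
    for value in channels[:count]:
        acc = (acc << n) | (value & ((1 << n) - 1))
    return (acc >> (count * n - nbytes * 8)).to_bytes(nbytes, "big")

def hide(channels, secret, n=2):
    if len(secret) > capacity(channels, n):
        raise ValueError("secret does not fit in this cover")
    out = bytearray(channels)
    keep = 0xFF ^ ((1 << n) - 1)  # mask that clears the n low bits
    for i, bits in enumerate(_groups(len(secret).to_bytes(HEADER, "big") + secret, n)):
        out[i] = (out[i] & keep) | bits
    return bytes(out)

def recover(channels, n=2):
    size = int.from_bytes(_read(channels, HEADER, n), "big")
    if size > capacity(channels, n):
        raise ValueError("size header is implausible: no payload at this n")
    return _read(channels, HEADER + size, n)[HEADER:]

def max_change(a, b):
    """Largest per-channel difference between cover and stego values."""
    return max(abs(x - y) for x, y in zip(a, b))

# Constructed cover: 100 RGB pixels flattened to 300 channel values.
COVER = bytes((i * 37) % 256 for i in range(300))
FLAG = b"hacklido{i_love_hacklido}"
STEGO = hide(COVER, FLAG, n=2)

if __name__ == "__main__":
    print(recover(STEGO, n=2), "max channel change:", max_change(COVER, STEGO))
```

With 2 LSBs no channel value moves by more than 3 out of 255, which is why the stego image looks identical to the original.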

═════════════════════════════════════════════

#3 stegolsb in wav file :)

Here I'm going to use a sample audio file (sample_audio.wav) to hide a secret.

┌──(kali㉿kali)-[~/hacklido/steg] 
└─$ ⚡stegolsb wavsteg --help
Usage: stegolsb wavsteg [OPTIONS]

  Hides or recovers data in and from a sound file

Options:
  -h, --hide               To hide data in a sound file
  -r, --recover            To recover data from a sound file
  -i, --input TEXT         Path to a .wav file
  -s, --secret TEXT        Path to a file to hide in the sound file
  -o, --output TEXT        Path to an output file
  -n, --lsb-count INTEGER  How many LSBs to use [default: 2]
  -b, --bytes INTEGER      How many bytes to recover from the sound file
  --help                   Show this message and exit
┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡file file_example_WAV_2MG.wav
file_example_WAV_2MG.wav: RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 16000 Hz
┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡stegolsb wavsteg -h -i file_example_WAV_2MG.wav -n 2 -s flag.txt -o lol
Using 2 LSBs, we can hide 268237 bytes
Files read in 0.03s
26 bytes hidden in 0.01s
Output was written in 0.00s

So flag.txt is successfully embedded into the WAV file, and the output is named lol. lol is a WAV file too!

┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡file lol
lol: RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 16000 Hz

so how can we extract flag.txt from lol.wav?

┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡stegolsb wavsteg -r -i lol.wav -n 2 -o extracted_flag.txt -b 25

┌──(kali㉿kali)-[~/hacklido/steg]
└─$ ⚡ cat extracted_flag.txt
hacklido{i_love_hacklido}

═════════════════════════════════════════════

#4 Stegosuite

stegosuite-(used by vn)

sudo apt install stegosuite

Open stegosuite

stegosuite

flag{what_if_vn_become_ceo_of_dash}


is embedded into the image with the password 'vn'. To extract it, do the same thing with the extract option and the password.

That's All

═════════════════════════════════════════════

#5 Stegsnow

  • what if there is a flag.txt file but not visible to us?
  • snow eye stegsnow

Stegsnow is a tool for concealing messages in text files by appending tabs and whitespaces at the end of lines. The encoding used by snow relies on the fact that whitespaces and new lines won’t be displayed in text editors

What's in flag.txt?

┌──(kali㉿kali)-[~/hacklido/steg/stegsnow]
└─$ ⚡cat flag.txt
hacklido is rocking !!!

┌──(kali㉿kali)-[~/hacklido/steg/stegsnow] 
└─$ ⚡sudo stegsnow -C -m "flag{i-love-hacklido}" flag.txt super.txt
Compressed by 24.40%
Message exceeded available space by approximately 504.76%.
An extra 4 lines were added.

So now what's in super.txt?

┌──(kali㉿kali)-[~/hacklido/steg/stegsnow]
└─$ ⚡cat super.txt
hacklido is rocking !!!

Even after the stegsnow conceal, nothing extra shows up.

-C is used for both things (concealing and extracting). super.txt is our super-secret flag. How?

let’s decode ~

┌──(kali㉿kali)-[~/hacklido/steg/stegsnow] 
└─$ ⚡stegsnow -C super.txt
flag{i-love-hacklido}

BOOM

═════════════════════════════════════════════

#6 Embedding a Zip into a PNG

let’s hide a zip file inside a png without any tool

  • write a flag in a flag.txt and zip a whole directory
    our secret:
┌──(kali㉿kali)-[~/hacklido/steg/pj/secret]
└─$ ⚡cat flag 12
lol this is literally a secret 123

to zip

┌──(kali㉿kali)-[~/hacklido/steg/pj] 
└─$ ⚡zip -r secret.zip secret

secret.zip just has flag.txt. So how can we hide it in the PNG without any tools?

Simple but cool: cat

┌──(kali㉿kali)-[~/hacklido/steg/pj]
└─$ ⚡cat hacklido.png secret.zip > pj_sec.png

The chall is ready. So how can we extract secret.zip from the PNG?

Binwalk, unzip, foremost, etc

┌──(kali㉿kali)-[~/hacklido/steg/pj] 
└─$ ⚡binwalk -e pj_sec.png
DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             PNG image, 225 x 225, 8-bit/color RGB, non-interlaced
41            0x29            Zlib compressed data, best compression
13386         0x344A          Zip archive data, at least v1.0 to extract, name: secret/
13451         0x348B          Zip archive data, at least v1.0 to extract, compressed size: 36, uncompressed size: 36, name: secret/flag
13714         0x3592          End of Zip archive, footer length: 22

After binwalk, navigate into the extracted folder > secret > flag.

and also

┌──(kali㉿kali)-[~/hacklido/steg/pj]
└─$ ⚡unzip pj_sec.png
Archive: pj_sec.png
warning [pj_sec.png] 13386 extra bytes at beginning or within zipfile (attempting to process anyway)
creating: secret/
extracting: secret/flag

BOOM

═════════════════════════════════════════════

#7 Out Guess

let’s guess out of the box

> I just meant outguess

sudo apt install outguess

┌──(kali㉿kali)-[~/hacklido/steg/out] 
└─$ ⚡outguess -d flag.txt logo.jpg output_secret.jpg

Reading logo.jpg....
JPEG compression quality set to 75
Extracting usable bits: 39822 bits
Correctable message size: 16611 bits, 41.71%
Encoded : 192 bits, 24 bytes
Finding best embedding...
    0: 133(59.4%)[69.3%], bias 62(0.47), saved: -4, total: 0.33%
    1: 107(47.8%)[55.7%], bias 59(0.55), saved: -1, total: 0.27%
   18: 103(46.2%)[53.6%], bias 45(0.44), saved: 0, total: 0.26%
   31: 98(43.8%)[51.0%], bias 38(0.39), saved: 0, total: 0.25%
31, 136: Embedding data: 192 in 39822
Bits embedded: 224, changed: 98(43.8%)[51.0%], bias: 38, tot: 39860, skip: 39636
Foiling statistics: corrections: 72, failed: 0, offset: 280.966667 +- 329.817346
Total bits changed: 136 (change 98 + bias 38)
Storing bitmap into data...
Writing output_secret.jpg...

so now output_secret.jpg is our chall

looks like an ordinary image

How do we retrieve the flag? Use -r, which retrieves the message from the data.

┌──(kali㉿kali)-[~/hacklido/steg/out] 
└─$ ⚡outguess -r output_secret.jpg output
Reading output_secret.jpg....
Extracting usable bits: 39822 bits
Steg retrieve: seed: 31, len: 24
┌──(kali㉿kali)-[~/hacklido/steg/out]
└─$ ⚡cat output
flag{be_out_of_the_b0x}

Also, if you need to encrypt with a key:
-[kK] <key> key
that’s all !

═════════════════════════════════════════════

#8 Deep Sound

let's dive deep into some sounds

download

DeepSound is a steganography tool and audio converter that hides secret data into audio files. The application also enables you to extract secret files directly from audio files or audio CD tracks. DeepSound might be used as copyright marking software for wave, FLAC, WMA, ape, and audio CD.

WINDOWS ALERT..

Install DeepSound; it's a steg tool too.

let’s encode using the password: vn

The chall is ready. To extract, just open the carrier file, then enter the powerful "vn".

lol, this is the secret!

═════════════════════════════════════════════

#9 StegPy

Simple steganography program based on the LSB method.

Written in Python.

$ pip3 install stegpy

1. hide >> stegpy "message to hide" hidden_inside.png
2. extract >> stegpy _image_name.png

Our mission to hide the flag (flag{its_her0_time})
and retrieve the same flag from the image

┌──(root💀kali)-[/home/kali/hacklido/steg/stegpy]
└─# stegpy "flag{its_her0_time}" hacklido.png
Host dimension: 151,875 bytes
Message size: 30 bytes
Maximum size: 37,968 bytes
Ok. Information encoded in _hacklido.png

To retrieve Flag :

┌──(root💀kali)-[/home/kali/hacklido/steg/stegpy]
└─# stegpy _hacklido.png
flag{its_her0_time}

Let's do the same thing with a password now: use the -p flag, password = vn.

═════════════════════════════════════════════

#10 Openstego

OpenStego is a steganography application that provides two functionalities:

a) Data Hiding: It can hide any data within an image file.

b) Watermarking: Watermarking image files with an invisible signature. It can be used to detect unauthorized file copying

https://github.com/syvaidya/openstego/releases/download/openstego-0.8.0/openstego_0.8.0-1_all.deb Deb Link

sudo dpkg -i openstego.deb

The syntax is roughly the same as steghide's.

The first argument must be a command. Valid commands are:

embed, --embed              Embed message into cover file
extract, --extract          Extract message from stego file
gensig, --gensig            Generate a signature for watermarking
embedmark, --embedmark      Watermark a cover file using signature
checkmark, --checkmark      Checks for watermark presence in the file
algorithms, --algorithms    List down supported steganography algorithms
readformats, --readformats  List down supported formats for cover file

and so on; --help explains the rest.

so first of all our flag is > hacklido{please_Help_me}

To Hide :

┌──(root💀kali)-[/home/kali/hacklido/steg/openstego] 
└─# openstego embed -mf flag -sf hacklido.png

flag is the file that contains our flag .. Chall is ready

rm flag

because we don't need it now. Let's extract it from hacklido.png.

Extract >> :

-mf, --messagefile Source message/data file. If this option is not provided or - is provided as the value then the message data is read from stdin

-sf, --stegofile Output stego file containing the embedded message. If this option is not provided or - is provided as the value then the stego file is written to stdout

┌──(root💀kali)-[/home/kali/hacklido/steg/openstego] 
└─# openstego extract -sf hacklido.png
Extracted file: flag
┌──(root💀kali)-[/home/kali/hacklido/steg/openstego]
└─# cat flag
hacklido{please_Help_me}

═════════════════════════════════════════════

#11 AudioStego

Audio steganography

AudioStego: audio file steganography. Hides text or files inside audio files and retrieves them automatically. It actually supports only .mp3 and .wav files as inputs, but you can hide whatever kind of file or text in them.

ahh it's not only audio stuff lol

https://github.com/danielcardeenas/AudioStego/blob/master/BuildRelease/HideMeIn?raw=true

> Hiding data: In order to hide a file inside another file

./hideme file_used_to_hide_data file_to_hide

Or if you want to hide a string on it

./hideme file_used_to_hide_data "'Message to hide'"

(Notice the simple quotation inside double quotes)

Both will output a clone of the file with the hidden data as output.(file extension)

Retrieving hidden data

In order to retrieve a hidden message just set the "-f" or "--find" flag:

./hideme [file_with_hidden_data] -f

┌──(root💀kali)-[/home/kali/hacklido/steg/audio+steg]
└─# hidemein ./hacklido.jpeg "'flag{flag_is_life}'"
Doing it boss!
Spreading level: 148
Header wrote
File has been savedas: output.jpeg
Hiding process has finished successfully.
Cleaning memory...
┌──(root💀kali)-[/home/kali/hacklido/steg/audio+steg]
└─# ls
hacklido.jpeg output.jpeg

The chall is ready under the name output; just rename it!

Nice

═════════════════════════════════════════════

#12 Stylesuxx

so what about some online tools

Yep, that's an interesting one too. Let's do 2 challs using online sites: steganography_online

  • click > encode
  • scroll down
  • save as the pic

let’s try to decode the secret from the image

flag: flag{i_did_for_hacklido}

═════════════════════════════════════════════

#13 Future Boy steg

Future_boy

These pages use the steghide program to perform steganography, and the files generated are fully compatible with steghide lol

WE GOT < WHAT WE DID

═════════════════════════════════════════════

# DONE, THATS ALL FOR NOW TRY THEM ALL :)

//There are also lots of other tools and techniques for steg, and I will cover more interesting things soon. I just covered a few here; hope you like it.

Thanks For Reading :)

PS : Thanks Hacklido for The logo :)

#cyberpj,#hacklido,#lets_create_ctf_challs, #ctf, #steg, #foren, #jeopardy #tamilctf #ctfplayer #0xcyberpj
