Steganography and Hidden Data

Steganography is the practice of hiding one set of information within another in such a way that it is difficult to detect or recognize. This is often done by embedding data, such as text or images, within another data format, like an image or audio file, without significantly altering the appearance of the carrier file. Here is a cheat sheet to extract that information:

Strings

View Text in Image:

  • Extract text hidden within an image using the “strings” command:

strings image.jpg

Filter for Specific Keywords:

  • Search for specific keywords within the extracted text:

strings image.jpg | grep "keyword"

Count Occurrences:

  • Count the occurrences of a keyword in the extracted text:

strings image.jpg | grep -c "keyword"

Sort and Unique Lines:

  • Sort and list unique lines in the extracted text:

strings image.jpg | sort | uniq

Redirect Output to a File:

  • Save the extracted text to a file for further analysis:

strings image.jpg > extracted_text.txt

Display Context Lines:

  • Show context lines before and after a keyword occurrence (context is a grep option; -C takes the number of lines):

strings image.jpg | grep -C 2 "keyword"

Exiftool

View Metadata:

  • Display metadata information from an image:

exiftool image.jpg

List All Tags:

  • List all tags for an image, including duplicate tags that are suppressed by default:

exiftool -a image.jpg

Extract Specific Tag:

  • Extract a specific Exif tag (e.g., ImageDescription):

exiftool -ImageDescription image.jpg

Batch Processing:

  • Write the same tags to multiple files in a directory (this modifies the files; exiftool keeps each original as a *_original backup):

exiftool -ImageDescription="CTF Flag" -Title="My Title" *.jpg

Binwalk

Basic Analysis:

  • Analyze an image file:

binwalk image.jpg

Extract Embedded Files:

  • Extract all embedded files:

binwalk --dd='.*' image.jpg

Extract Specific File Type:

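  • Extract files of a specific type (e.g., Zip); the --dd argument has the form type:extension, where type is matched against the signature description:

binwalk --dd='zip archive:zip' image.jpg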

Carve Data from File:

  • Extract data from a specific file using byte offset:

dd if=image.jpg bs=1 skip=OFFSET count=SIZE of=output.bin
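
One way to find the OFFSET and SIZE values for the dd command above when data has been appended after a JPEG's end-of-image marker. This is an added example, not part of the original cheat sheet; the function names and the sample bytes are constructed for illustration.

```python
# Magic bytes for a few container formats commonly appended to images.
MAGIC = {b"PK\x03\x04": "zip", b"Rar!": "rar", b"7z\xbc\xaf": "7z", b"\x89PNG": "png"}

def jpeg_end_offset(data: bytes) -> int:
    """Offset just past the real EOI marker. Segments are walked by length so an
    FFD9 inside an APPn payload (an EXIF thumbnail) is not mistaken for the end."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:                               # EOI: the image ends here
            return pos + 2
        if marker == 0xFF:                               # fill byte before a marker
            pos += 1
        elif marker == 0x01 or 0xD0 <= marker <= 0xD7:   # markers with no length field
            pos += 2
        else:                                            # marker + 2-byte big-endian length
            pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")
            if marker == 0xDA:                           # SOS: skip entropy-coded scan data
                while pos + 1 < len(data) and not (
                        data[pos] == 0xFF and data[pos + 1] not in (0x00, 0xFF)
                        and not 0xD0 <= data[pos + 1] <= 0xD7):
                    pos += 1
    raise ValueError("truncated JPEG: no EOI marker")

def appended_data(data: bytes):
    """Return offset, size and guessed type of the bytes after EOI, or None."""
    end = jpeg_end_offset(data)
    tail = data[end:]
    if not tail:
        return None
    kind = next((name for magic, name in MAGIC.items() if tail.startswith(magic)), "unknown")
    return {"offset": end, "size": len(tail), "kind": kind}

# Constructed sample: JPEG-shaped marker structure (not a decodable picture) with
# a fake EXIF thumbnail containing its own FFD9, followed by appended bytes.
_thumb = b"Exif\x00\x00" + b"\xff\xd8thumb\xff\xd9"
SAMPLE = (b"\xff\xd8" + b"\xff\xe1" + (len(_thumb) + 2).to_bytes(2, "big") + _thumb
          + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00" + b"\x12\xff\x00\x34\xff\xd0\x56"
          + b"\xff\xd9" + b"PK\x03\x04" + b"constructed-zip-bytes")

if __name__ == "__main__":
    hit = appended_data(SAMPLE)
    print(f"dd if=image.jpg bs=1 skip={hit['offset']} count={hit['size']} of=output.bin")
```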

Scan for Executable Code:

  • Scan the file for common executable opcode signatures (this scan does not extract anything):

binwalk --opcodes image.jpg

Steghide

Embed Data in an Image:

  • Embed a text file within an image (use -cf for a cover file and -ef for the file to embed):

steghide embed -cf cover_image.jpg -ef secret.txt

Extract Data from an Image:

  • Extract hidden data from an image file (use -sf for the stego file):

steghide extract -sf stego_image.jpg

Set a Custom Passphrase:

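  • Use a custom passphrase for embedding or extracting data (a passphrase given with -p is visible in shell history and the process list; omit -p to be prompted for it):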

steghide embed -cf cover_image.jpg -ef secret.txt -p YourPassphrase
steghide extract -sf stego_image.jpg -p YourPassphrase

List Supported Algorithms:

  • List the supported encryption algorithms and modes:

steghide encinfo

Check for Hidden Data:

  • Check if an image contains hidden data:

steghide info stego_image.jpg

Display Embedded File Info:

  • Display information about the embedded file without extracting it (the filename comes directly after info, without -sf):

steghide info stego_image.jpg -p YourPassphrase

Recover Hidden Data as a File:

  • Recover hidden data as a file and specify the output filename:

steghide extract -sf stego_image.jpg -xf output.txt

Try an Empty Passphrase:

  • Attempt extraction with an empty passphrase (steghide has no built-in brute-force mode; use -xf for the output file):

steghide extract -sf stego_image.jpg -xf output.txt -p ''
