Steganography in Linux made easy

Let's start practicing.
Let's install the necessary utilities (both commands need root, so both get sudo):

sudo apt update && sudo apt install -y steghide stegcracker stegosuite binwalk stegseek

On Kali all five packages are in the repositories. On plain Debian/Ubuntu, steghide, stegosuite and binwalk are in apt, stegcracker can be installed with pip3 install stegcracker, and stegseek is shipped as a .deb on its GitHub releases page (https://github.com/RickdeJager/stegseek/releases). Note that stegcracker's own author has deprecated it in favour of stegseek.

Below are examples of working with the steganography utilities, of steganalysis, and of cracking the passphrase of a stego container.
Create a folder with a few files in it (see the screenshot below; list the folder contents with the ls command).

We create a stego container with the steghide utility. The cover file (-cf) is the image, the embed file (-ef) is the secret, and steghide prompts for a passphrase (it can also be passed on the command line with -p, but then it ends up in your shell history):

steghide embed -cf 1.jpg -ef secret.txt

Before checking, be sure to delete the original secret.txt (rm secret.txt); otherwise you cannot tell whether the file you see afterwards came out of the image.
We check (entering the same passphrase):

steghide extract -sf 1.jpg

After extraction, secret.txt appears in the folder again.

The stego container works: the text file is inside the image. As a sanity check, run the extract command once more with a wrong passphrase; steghide refuses with "could not extract any data with that passphrase!", which is exactly the oracle the cracking tools below rely on.
When creating the stego container we set a passphrase. Now let's try to recover it with a dictionary attack using the stegcracker utility (it simply runs steghide extract once per candidate passphrase until one is accepted):

stegcracker 1.jpg realyBest.txt

In this case, realyBest.txt is a password dictionary.
Execution result:

The stegseek utility has the same syntax and the same attack, but is much faster: it checks passphrases in-process using steghide's own code instead of spawning a new steghide process per guess:

stegseek 1.jpg realyBest.txt

(By the way, the password dictionary is here https://github.com/empty-jack/YAWR/blob/master/brute/passwords/realyBest.txt)

In general, this example is very good for beginners getting acquainted with information security, to see what a dictionary attack is (automated password recovery by trying every entry of a wordlist). But let's continue.

Let's remove everything unnecessary (rm file1 file2 ...) and leave one png image and a zip archive. The point is that on Linux the cat command can concatenate several files into one: it writes its inputs to standard output in the order given, and with >> the result is appended to an existing file. Be careful not to list the target file among the inputs: GNU cat refuses with "cat: 3.png: input file is output file", because it would be reading and appending to the same file at once. So we append only the archive:

cat secret.zip >> 3.png

The image has now "absorbed" the zip file (with secret.txt inside the archive), and neither side is broken: image viewers stop reading at the PNG IEND chunk and ignore whatever follows, while zip tools locate the end-of-central-directory record at the very end of the file and tolerate extra bytes in front of the archive. Delete the original zip archive with rm.
To analyze this kind of stegosystem, you can use the binwalk utility:

binwalk 3.png

In the screenshot below you can see the output: binwalk reports a PNG image at offset 0 and a Zip archive at a later offset, i.e. data hidden after the end of the picture (binwalk -e would carve it out directly).
Knowing that the picture contains a zip inside, we can simply unzip it (unzip warns about "extra bytes at beginning or within zipfile" and then extracts normally):

unzip 3.png

Run ls again: there are two files in the directory once more, and the contents of the archive are back.

In addition, Linux has a pleasant GUI utility called stegosuite. It is very simple to use.
It is worth remembering that stego containers are often fragile. For example, when you send such a file through a messenger as a photo, the messenger re-encodes and recompresses the image: appended data after the end of the picture is dropped, and data hidden in the pixels or DCT coefficients (as steghide does) is destroyed as well, so the recipient gets just a picture with no storage inside. Sending the file as a document (not as a photo) usually preserves the bytes; compare checksums (sha256sum) on both ends to be sure.
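To see exactly why the cat trick works, why binwalk spots it, and why re-encoding the image kills it, here is an added Python example (it is not part of the original post and uses no external tool). It builds a tiny PNG and a zip in memory (constructed sample data), appends the zip the way cat secret.zip >> 3.png does, walks the PNG chunk list to find bytes after IEND, runs a binwalk-style magic-byte scan, pulls the archive back out, and finally shows that keeping only the PNG chunks, which is what any re-save does at minimum, leaves nothing behind. The signature table is a small hand-picked subset, not binwalk's real database.

```python
import io
import struct
import zipfile
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

# Hand-picked subset of file signatures (binwalk ships a far larger database).
SIGNATURES = {
    PNG_SIG: "PNG image",
    b"\xff\xd8\xff": "JPEG image",
    b"PK\x03\x04": "Zip archive (local file header)",
    b"Rar!\x1a\x07": "RAR archive",
    b"\x1f\x8b": "gzip compressed data",
}


def png_chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialise one PNG chunk: length, type, data, CRC over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_png(width: int = 2, height: int = 2) -> bytes:
    """Constructed sample: a minimal valid 8-bit RGB PNG filled with red."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    # Each scanline starts with filter byte 0, then RGB triples.
    raw = b"".join(b"\x00" + b"\xff\x00\x00" * width for _ in range(height))
    return (PNG_SIG + png_chunk(b"IHDR", ihdr)
            + png_chunk(b"IDAT", zlib.compress(raw)) + png_chunk(b"IEND", b""))


def make_zip(files: dict) -> bytes:
    """Constructed sample archive, e.g. {"secret.txt": b"..."}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def append_payload(png: bytes, payload: bytes) -> bytes:
    """Byte-for-byte what `cat secret.zip >> 3.png` produces."""
    return png + payload


def png_end_offset(data: bytes):
    """Walk the chunk list; return the offset just past IEND, or None if malformed."""
    if not data.startswith(PNG_SIG):
        return None
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length          # 4 length + 4 type + data + 4 CRC
        if ctype == b"IEND":
            return pos
    return None


def trailing_data(data: bytes) -> bytes:
    """Everything a PNG decoder never reads: bytes after the IEND chunk."""
    end = png_end_offset(data)
    return b"" if end is None else data[end:]


def scan_signatures(data: bytes):
    """binwalk-style scan: every (offset, description) where a known magic appears."""
    hits = []
    for magic, desc in SIGNATURES.items():
        start = 0
        while (i := data.find(magic, start)) >= 0:
            hits.append((i, desc))
            start = i + 1
    return sorted(hits)


def extract_zip(data: bytes) -> dict:
    """Like `unzip 3.png`: the central directory is found from the end, so the
    PNG bytes in front are simply treated as leading junk."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {name: zf.read(name) for name in zf.namelist()}


def reencode_png(data: bytes) -> bytes:
    """Simplified re-save: keep only the PNG chunks up to IEND. A real re-encoder
    also recompresses the pixels, which additionally destroys LSB/DCT embedding."""
    end = png_end_offset(data)
    return data if end is None else data[:end]


if __name__ == "__main__":
    cover = make_png()
    archive = make_zip({"secret.txt": b"meet at the usual place\n"})
    stego = append_payload(cover, archive)
    for off, desc in scan_signatures(stego):
        print(f"{off:>8}  {desc}")                 # mimics binwalk's table
    print("trailing bytes after IEND:", len(trailing_data(stego)))
    print("extracted:", extract_zip(stego))
    print("trailing bytes after re-save:", len(trailing_data(reencode_png(stego))))
```

The check worth keeping from this is trailing_data(): a PNG or JPEG whose decoder stops well before the end of the file is the cheapest possible indicator of an appended payload, and it needs no signature database at all.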

Thanks for reading. Until next time.
