-->

  • TryHackMe CC Steganography Walkthrough



     

     

    TryHackMe CC Steganography 

     

    Steganography is the art of concealing data within some other data. A common example of this is embedding hidden text in an image file.
    This blog serves as an introduction to steganography and some of the tools you can use to embed and extract data within other data. TryHackMe CC Steganography



    To complete this every task you will need the following tools available to you:



        steghide
        zsteg
        exiftool
        stegoveritas
        sonic-visualiser



    Make sure you download the files needed to complete these tasks. You cannot answer some of the questions without them. Unzip spect.zip and you should have the files below.

    Note: Basic linux knowledge required.


    TryHackMe Website :- Cilck Here




    Steghide


    Steghide is one of the most famous steganography tools, and for good reason. It's a classic method, hiding a message inside an image, and steghide does it effectively and efficiently. A downside of steghide is that it only works on jpgs; however, that means that if you believe there is a hidden message inside a jpg, then steghide is a probable option.


    One of the greatest benefits of stegohide, is that it can encrypt data with a passphrase. Meaning that if they don't have the password then they can't extract any data.



    steghide can be installed with the command sudo apt install steghide


    You can find the answers to questions 1-6 by reading the man page or by running steghide –help.

    steghide includes 7 commands;

        embed
        extract
        info
        encinfo
        version
        license
        help




    encinfo, version, license, and help do not require arguments and are informational. embed, extract and info are the functional commands within steghide. Each has their own     set of arguments. These arguments can be found in the documentation.


    steghide command [ arguments ]

     

    To find the hidden message in jpeg1.jpeg, we need to use steghide’s extract command with the -sf argument. We can optionally specify the -p argument to skip the passphrase prompt, and the -xf argument to specify an output filename (default: a.txt).


    steghide extract -sf jpeg1.jpeg -p password123




    1. What argument allows you to embed data(such as files) into other files?

    Ans :- embed


    2. What flag let's you set the file to embed?

    Ans :- -ef

    3. What flag allows you to set the "cover file"?(i.e  the jpg)

    Ans :- -cf


    4. How do you set the password to use for the cover file?

    Ans :- -p


    5. What argument allows you to extract data from files?

    Ans :- extract


    6. How do you select the file that you want to extract data from?

    Ans :- -sf


    7. Given the passphrase "password123", what is the hidden message in the included "jpeg1" file.

    Ans :- pinguftw






    zsteg



    zsteg works much in the same way as steghide, except it is used for png and bmp files. You can find the answers to questions 1-4 by running zsteg -h.


    zsteg can work with a single argument; the filename. You can iterate over all known extraction methods with the -a flag. You can also specify parameters to constrain zsteg. There are many ways you can run a file through zsteg, but just specifying the filename is a good place to start.



    zsteg can be installed by using ruby with the command gem install zsteg


    To find png1.png’s hidden message, and the payload used to encrypt it,  you do not need to use any arguments with zsteg.


    zsteg png1.png



    1. How do you specify that the least significant bit comes first

    Ans :- --lsb

    2. What about the most significant bit?

    Ans :- --msb


    3. How do you specify verbose mode?

    Ans :- -v


    4. How do you extract the data from a specific payload?

    Ans :- -E


    5. In the included file "png1" what is the hidden message?

    Ans :- nootnoot$


    6. What about the payload used to encrypt it.

    Ans :- b1,bgr,lsb,xy






    exiftool



    exiftool is a great tool for working with metadata in image, audio, and video files. exiftool enables you to read, write, copy, and edit the metadata. It is interesting to note that exiftool can write to read-only files if the user has write permission in the directory.


    For more information about exiftool, including a full list of options, please see the man page, github page or author’s website.



    Exiftool can be installed with sudo apt install exiftool


    Using exiftool to extract metadata from jpeg3.jpeg is as simple as running the command with the filename as an argument.


    exiftool jpeg3.jpeg




    1. In the included jpeg3 file, what is the document name

    Ans :- Hello :)






    stegoveritas



    stegoveritas is a very diverse steganography tool that can extract all types of data from nearly every image, audio, or video file types. stegoveritas has default actions for most image types and will attempt to run on any file. It can extract metadata like exiftool, perform color corrections and adjustments, extract frames from animated gifs, and it also includes an option for steghide. For more actions (and to answer questions 1-3), run stegoveritas -h.



    Stegoveritas can be installed by running these two commands:

    • sudo apt-get install python3-pip
    • pip3 install stegoveritas
    • stegoveritas_install_deps





    To find jpeg2.jpeg’s hidden message we run the file as an argument into stegoveritas with no options specified.



    stegoveritas jpeg2.jpeg


    You will see that stegoveritas found something with steghide and placed it a newly created directory, results. This file contains our hidden message.





    1. How do you check the file for metadata?

    Ans :- -meta

     
    2. How do you check for steghide hidden information


    Ans :- -steghide

    3. What flag allows you to extract LSB data from the image?

    Ans :- extractls

     
    4 . In the included image jpeg2 what is the hidden message?


    Ans :- kekekekek




    Spectrograms



    Spectrogram stegonography is the art of hiding hidden an image inside in an audio file's spectogram. Therefore when ever dealing with audio stego it is always worth analyzing the spectrogram of the audio. To do this task we will be using Sonic Visualizer.


    Download :- Sonic Visualizer



    Note: This introduction will be done using the included wav1 file.


    When you open Sonic Visualizer you should see this screen:



     

     

    From there click File->Open and then select the included wav1 file and you should see a screen similar to this:

     


     





    From there click Layer->Add Spectrogram and you should see this:






    And that's it!




    1. What is the hidden text in the included wav2 file?


    Ans :- google



     

    Final Task


    Good luck and have fun!

    # Key 1

    Deploy your target machine and let's dig in. I did a port scan with nmap against the target and found port 80, a webserver running.

     

     


     

    Here's a preview of it

     


     

    I grabed the image file shown about to my local machine with wget. I found out that the image document name looks interesting.

     

     


     

    It specified a password. Maybe that would be the password needed for steghide to extract the hidden data that is existing in the image. Now to steghide.
     

     

     

    1. What is key 1?

    Ans :- superkeykey



    # Key 2

    I entered the key 1 in the input field and proceed to the next stage. Here's a quick look at it.

     


     

     

     
    There is a exam2.wav audio file to download. I downloaded the .wav file and open it with sonic-visualiser and added the spectrogram layer.

     


     

    Looks like a link to an imgur image. I downloaded the imgur image to my local machine to do further computations. Since this is a png image file I used zsteg to extract any hidden data.

     


     

    2. What is key 2?

    Ans :- fatality



    # Key 3

    Submitted the Key 2 and I was redirected to a new page where I should get the key 3




    This is a qrcode. Here is a veiw of it

     


     

    As you can see there is a additional with a color of light pink covering the image. So if we are to upload this QR code to an online decoder we would get an error. So my approach would be to remove this overlay color (Light Pink). So I downloaded stegsolve and opened the image and set the mode to Red plane 4 which looks pretty good.

     


     

    I got a screen shot of this and uploaded it to an online QR Decoder which worked.

     


     

    Finally found the key 3 Hooray !!!.

    3. What is key 3?

    Ans :-  killshot
     

     

     

     

     


    Disclaimer



    This was written for educational purpose and pentest only.
    The author will not be responsible for any damage ..!
    The author of this tool is not responsible for any misuse of the information.
    You will not misuse the information to gain unauthorized access.
    This information shall only be used to expand knowledge and not for causing  malicious or damaging attacks. Performing any hacks without written permission is illegal ..!


    All video’s and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in is only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.


    All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.



    - Hacking Truth by Kumar Atul Jaiswal



    I hope you liked this post, then you should not forget to share this post at all.
    Thank you so much :-)

     


  • 0 comments:

    Post a Comment

    For Any Tech Updates, Hacking News, Internet, Computer, Technology and related to IT Field Articles Follow Our Blog.