-->

ABOUT US

Our development agency is committed to providing you the best service.

OUR TEAM

The awesome people behind our brand ... and their life motto.

  • Kumar Atul Jaiswal

    Ethical Hacker

    Hacking is a Speed of Innovation And Technology with Romance.

  • Kumar Atul Jaiswal

    CEO Of Hacking Truth

    Loopholes are every major Security,Just need to Understand it well.

  • Kumar Atul Jaiswal

    Web Developer

    Techonology is the best way to Change Everything, like Mindset Goal.

OUR SKILLS

We pride ourselves with strong, flexible and top notch skills.

Marketing

Development 90%
Design 80%
Marketing 70%

Websites

Development 90%
Design 80%
Marketing 70%

PR

Development 90%
Design 80%
Marketing 70%

ACHIEVEMENTS

We help our clients integrate, analyze, and use their data to improve their business.

150

GREAT PROJECTS

300

HAPPY CLIENTS

650

COFFEES DRUNK

1568

FACEBOOK LIKES

STRATEGY & CREATIVITY

Phasellus iaculis dolor nec urna nullam. Vivamus mattis blandit porttitor nullam.

PORTFOLIO

We pride ourselves on bringing a fresh perspective and effective marketing to each project.

Showing posts with label steganography. Show all posts
Showing posts with label steganography. Show all posts
  • TryHackMe PyLon walkthrough

     

     


     

     

     

    The platform develops virtual classrooms that not only allow users to deploy training environments with the click of a button, but also reinforce learning by adding a question-answer approach. Its a comfortable experience to learn using pre-designed courses which include virtual machines (VM) hosted in the cloud.

    TryHackMe PyLon walkthrough


    While using a question-answer model does make learning easier, TryHackMe allows users to create their own virtual classrooms to teach particular topics enabling them to become teachers. This not only provides other users with rich and varied content, but also helps creators reinforce their understanding of fundamental concepts.
      

     

    Good day hacker, Spend more time in the CLI as much as you can, For that’s where we belong. Can you penetrate the defenses and become root?TryHackMe PyLon walkthrough


    In Task 1 first of all we will download the file provieded, and the name is pepper.jpg  ( JPG ) ( Yaa MaN we will download the photo of this doggie!!! )





    Are we going to use NMAP tool, maybe nops, we use a exiftool because we already steghide tool but doesn't have any clue. so, A command-line interface to Image::ExifTool, used for reading and writing meta information in a variety of file types.



    For More Info steghide, zsteg, exiftool, stegoveritas, sonic-visualiser -- CLICK HERE

     


    exiftool jpg

     

     


     

     

    https://gchq.github.io/CyberChef/#recipe=To_Hex('None',0)To_Base85('!-u',false)

     

    so, as you can see we have some clue (link) which we will use later.

     

     


     

     

    so as i told you, we must have a password for use steghide tool, (maybe i am saying right now hahahahh whats matter!!! )

     

    Let's move forward

     

     


     

    For take a password, we will use stegbrute tool.

     

    Crack Password

     

     
    sudo wget https://github.com/R4yGM/stegbrute/releases/download/0.1.1/stegbrute

    sudo chmod +x stegbrute

    sudo mv stegbrute /usr/local/bin/

     



    Yaa man!! tool successfully installed, as you can see...lets naacho!!!






    Cracking Time


    stegbrute -f jpg -w /home/hackerboy/Documents/rockyou.txt

    and the password is: pepper

     

     

     


     

     

    Now we will use steghide tool to extract a file and check what is the things that inside the file...

     

    steghide extract -sf jpg

     

    Oh! wrote extracted data to "lone"

     

     

     


     

    lets check whats inside the data...

     

    cat lone   🐈🐯🐱😸🐈🐯🐱😸

     

     
    This SSH key is unencrypted and will allow us to connect to the machine.





    Next, we will convert lone(ASCII Text) into tzip


    ls

    file lone (check a file type)

    base64 -d lone > lone.decoded

    sudo cp lone.decoded lone.tgz (for copy into new file)

    file lone.tgz

    sudo tar -xcf lone.tgz (for extract)


    Finally we got a lone_id, which we will use later with SSH






     

     

     

    Next step is port mapping, using nmap, rustscan, whatever, reveals the following TCP ports open


    sudo nmap -A -T4 -Pn -sV  $IP


     


     

     

     

    Now, we access SSH with using lone_id and port number 222 because its doesn't work with port 22

     

    ssh lone@10.10.60.44 -i lone_id -p222

     

     

     


     

     

    We are presented with this screen.

    This is where the CyberChefrecipe will probably come in to play.

    If you are good at guessing, it will be the same password as the stegfile, so let’s try that



    https://gchq.github.io/CyberChef/#recipe=To_Hex('None',0)To_Base85('!-u',false)



     

     

     
     
     
     



     

     

     


    Selecting 1 we are given 2 options


     

     


     

     

     


     

     

     We now have flag1 and a password, so let’s try those on port 22.



     


     

     

    ssh lone@10.10.106.221

     

     

     


     

     

     
    We also have a couple more interesting file’s / folders to look at, one being a file encrypted with gpg the other being a folder with the sources for the password manager and a .git folder.



     

     


     



     
    let's check history  



    git log 








    Nothing immediately obvious pops up in the pylon folder, so let’s see if there are any files in a previous commit that may help us.






     

    We can see some files have changed here and an interesting .db file appears.


    Running the pyLon_pwMan.py with python3, the program informs us that the database file exists and prompts us for the encryption key, now if you are a good guess, you will try the same encryption key as before.






    We can see some files have changed here and an interesting .db file appears.-Running the 

     

    pyLon_pwMan.py with python3

     

    The program informs us that the database file exists and prompts us for the encryption key, now if you are a good guess, you will try the same encryption key as before.






    select option 2






    and then 1







    we got a another password









    Decrypting the ‘note_from_pood.gpg’ file gives us the password to shift horizontally to another user, but first let’s see what lone can do with sudo.



    gpg -d note_from_pood.gpg


    and now we got another(another) password







    sudo -l



    Interesting we can run openvpn as root, but only using a specific config file, poodhas asked us to fix the config and has given us access to his account, so let’s switch to him





    su pood 

    and the password is -



     


      

     

    sudo -l

     




    Now we have user2 flag, and we can see that pood can edit the openvpn config file that lone was allowed to run, so what now?


     

     







    Reading the man page for openvpn we see that we can run a script on successful connection to a VPN server, so lets write a script to take control of the machine.



    man openvpn





    This one...








    There are many ways to do this, butthe usual trick of copying /bin/bash to /tmp and setting the binary SUID should do the job, I knock up a quick shell script.



    vi /tmp/up.sh


    For add a word type -i

    for exit and save escape and then :wq and enter. thats it.


     

    then, we give some permission


    chmod 777 /tmp/up.sh

     

    Don’t forget to make it executable, now we must edit the config file.


    sudoedit /opt/openvpn/client.ovpn



















    Add a couple of lines to the config and save, now exit out of the su shell and go back to lone, connect to the openvpn server and our script should run as root on successful connection.











    The connection was successful so let’s disconnect and check out /tmp/bash



    cd /tmp

     





    As expected, the binary was created, we can now escalate to root.

     

     








    Great another gpgencrypted file, I can see a lot of people tearing their hair out over this one, since we are only effectively root we cannot decrypt his message, so we will need a proper shell.


    gpg -d root.txt.gpg






    The way I dealt with that was to edit /etc/shadow, I copied a known hash into root’s position and then all we can su to root, in this case I just copy pasted pood’s hash as it is already known and easy to grab











    $6$ivWUkR1k$XnYAc7OJJ63P/lgYzNWLiFMydrOFP/qrARMNcjHX1H4sIGFEyVQKAOedWLDY2nHU8rxx7hABmr4JT3uM74Bm5.


    you can go this way too because pylon is in the sudo group





    su


    yn0ouE9JLR3h)`=I

     




    FINALLY, we got a flag (root flag)







    Disclaimer

     

    This was written for educational purpose and pentest only.
    The author will not be responsible for any damage ..!
    The author of this tool is not responsible for any misuse of the information.
    You will not misuse the information to gain unauthorized access.
    This information shall only be used to expand knowledge and not for causing  malicious or damaging attacks. Performing any hacks without written permission is illegal ..!


    All video’s and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in is only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.


    All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.



    - Hacking Truth by Kumar Atul Jaiswal



    I hope you liked this post, then you should not forget to share this post at all.
    Thank you so much :-)

     

  • TryHackMe CC Steganography Walkthrough



     

     

    TryHackMe CC Steganography 

     

    Steganography is the art of concealing data within some other data. A common example of this is embedding hidden text in an image file.
    This blog serves as an introduction to steganography and some of the tools you can use to embed and extract data within other data. TryHackMe CC Steganography



    To complete this every task you will need the following tools available to you:



        steghide
        zsteg
        exiftool
        stegoveritas
        sonic-visualiser



    Make sure you download the files needed to complete these tasks. You cannot answer some of the questions without them. Unzip spect.zip and you should have the files below.

    Note: Basic linux knowledge required.


    TryHackMe Website :- Cilck Here




    Steghide


    Steghide is one of the most famous steganography tools, and for good reason. It's a classic method, hiding a message inside an image, and steghide does it effectively and efficiently. A downside of steghide is that it only works on jpgs; however, that means that if you believe there is a hidden message inside a jpg, then steghide is a probable option.


    One of the greatest benefits of stegohide, is that it can encrypt data with a passphrase. Meaning that if they don't have the password then they can't extract any data.



    steghide can be installed with the command sudo apt install steghide


    You can find the answers to questions 1-6 by reading the man page or by running steghide –help.

    steghide includes 7 commands;

        embed
        extract
        info
        encinfo
        version
        license
        help




    encinfo, version, license, and help do not require arguments and are informational. embed, extract and info are the functional commands within steghide. Each has their own     set of arguments. These arguments can be found in the documentation.


    steghide command [ arguments ]

     

    To find the hidden message in jpeg1.jpeg, we need to use steghide’s extract command with the -sf argument. We can optionally specify the -p argument to skip the passphrase prompt, and the -xf argument to specify an output filename (default: a.txt).


    steghide extract -sf jpeg1.jpeg -p password123




    1. What argument allows you to embed data(such as files) into other files?

    Ans :- embed


    2. What flag let's you set the file to embed?

    Ans :- -ef

    3. What flag allows you to set the "cover file"?(i.e  the jpg)

    Ans :- -cf


    4. How do you set the password to use for the cover file?

    Ans :- -p


    5. What argument allows you to extract data from files?

    Ans :- extract


    6. How do you select the file that you want to extract data from?

    Ans :- -sf


    7. Given the passphrase "password123", what is the hidden message in the included "jpeg1" file.

    Ans :- pinguftw






    zsteg



    zsteg works much in the same way as steghide, except it is used for png and bmp files. You can find the answers to questions 1-4 by running zsteg -h.


    zsteg can work with a single argument; the filename. You can iterate over all known extraction methods with the -a flag. You can also specify parameters to constrain zsteg. There are many ways you can run a file through zsteg, but just specifying the filename is a good place to start.



    zsteg can be installed by using ruby with the command gem install zsteg


    To find png1.png’s hidden message, and the payload used to encrypt it,  you do not need to use any arguments with zsteg.


    zsteg png1.png



    1. How do you specify that the least significant bit comes first

    Ans :- --lsb

    2. What about the most significant bit?

    Ans :- --msb


    3. How do you specify verbose mode?

    Ans :- -v


    4. How do you extract the data from a specific payload?

    Ans :- -E


    5. In the included file "png1" what is the hidden message?

    Ans :- nootnoot$


    6. What about the payload used to encrypt it.

    Ans :- b1,bgr,lsb,xy






    exiftool



    exiftool is a great tool for working with metadata in image, audio, and video files. exiftool enables you to read, write, copy, and edit the metadata. It is interesting to note that exiftool can write to read-only files if the user has write permission in the directory.


    For more information about exiftool, including a full list of options, please see the man page, github page or author’s website.



    Exiftool can be installed with sudo apt install exiftool


    Using exiftool to extract metadata from jpeg3.jpeg is as simple as running the command with the filename as an argument.


    exiftool jpeg3.jpeg




    1. In the included jpeg3 file, what is the document name

    Ans :- Hello :)






    stegoveritas



    stegoveritas is a very diverse steganography tool that can extract all types of data from nearly every image, audio, or video file types. stegoveritas has default actions for most image types and will attempt to run on any file. It can extract metadata like exiftool, perform color corrections and adjustments, extract frames from animated gifs, and it also includes an option for steghide. For more actions (and to answer questions 1-3), run stegoveritas -h.



    Stegoveritas can be installed by running these two commands:

    • sudo apt-get install python3-pip
    • pip3 install stegoveritas
    • stegoveritas_install_deps





    To find jpeg2.jpeg’s hidden message we run the file as an argument into stegoveritas with no options specified.



    stegoveritas jpeg2.jpeg


    You will see that stegoveritas found something with steghide and placed it a newly created directory, results. This file contains our hidden message.





    1. How do you check the file for metadata?

    Ans :- -meta

     
    2. How do you check for steghide hidden information


    Ans :- -steghide

    3. What flag allows you to extract LSB data from the image?

    Ans :- extractls

     
    4 . In the included image jpeg2 what is the hidden message?


    Ans :- kekekekek




    Spectrograms



    Spectrogram stegonography is the art of hiding hidden an image inside in an audio file's spectogram. Therefore when ever dealing with audio stego it is always worth analyzing the spectrogram of the audio. To do this task we will be using Sonic Visualizer.


    Download :- Sonic Visualizer



    Note: This introduction will be done using the included wav1 file.


    When you open Sonic Visualizer you should see this screen:



     

     

    From there click File->Open and then select the included wav1 file and you should see a screen similar to this:

     


     





    From there click Layer->Add Spectrogram and you should see this:






    And that's it!




    1. What is the hidden text in the included wav2 file?


    Ans :- google



     

    Final Task


    Good luck and have fun!

    # Key 1

    Deploy your target machine and let's dig in. I did a port scan with nmap against the target and found port 80, a webserver running.

     

     


     

    Here's a preview of it

     


     

    I grabed the image file shown about to my local machine with wget. I found out that the image document name looks interesting.

     

     


     

    It specified a password. Maybe that would be the password needed for steghide to extract the hidden data that is existing in the image. Now to steghide.
     

     

     

    1. What is key 1?

    Ans :- superkeykey



    # Key 2

    I entered the key 1 in the input field and proceed to the next stage. Here's a quick look at it.

     


     

     

     
    There is a exam2.wav audio file to download. I downloaded the .wav file and open it with sonic-visualiser and added the spectrogram layer.

     


     

    Looks like a link to an imgur image. I downloaded the imgur image to my local machine to do further computations. Since this is a png image file I used zsteg to extract any hidden data.

     


     

    2. What is key 2?

    Ans :- fatality



    # Key 3

    Submitted the Key 2 and I was redirected to a new page where I should get the key 3




    This is a qrcode. Here is a veiw of it

     


     

    As you can see there is a additional with a color of light pink covering the image. So if we are to upload this QR code to an online decoder we would get an error. So my approach would be to remove this overlay color (Light Pink). So I downloaded stegsolve and opened the image and set the mode to Red plane 4 which looks pretty good.

     


     

    I got a screen shot of this and uploaded it to an online QR Decoder which worked.

     


     

    Finally found the key 3 Hooray !!!.

    3. What is key 3?

    Ans :-  killshot
     

     

     

     

     


    Disclaimer



    This was written for educational purpose and pentest only.
    The author will not be responsible for any damage ..!
    The author of this tool is not responsible for any misuse of the information.
    You will not misuse the information to gain unauthorized access.
    This information shall only be used to expand knowledge and not for causing  malicious or damaging attacks. Performing any hacks without written permission is illegal ..!


    All video’s and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in is only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.


    All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.



    - Hacking Truth by Kumar Atul Jaiswal



    I hope you liked this post, then you should not forget to share this post at all.
    Thank you so much :-)

     


  • WHAT WE DO

    We've been developing corporate tailored services for clients for 30 years.

    CONTACT US

    For enquiries you can contact us in several different ways. Contact details are below.

    Hacking Truth.in

    • Street :Road Street 00
    • Person :Person
    • Phone :+045 123 755 755
    • Country :POLAND
    • Email :contact@heaven.com

    Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

    Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation.