CTF All The Things
  • CTF All The Things
  • Useful Stuff
    • Bash-fu
    • Bash mkdir and cd
    • Upgrade Shell
    • Static Binaries
  • Discovery & Scanning
    • NMAP
    • Gobuster
    • SMB
    • SNMP
    • SQLMap
    • Hydra
    • Nikto
    • WPScan
    • Joomla
    • TCPDump
  • Gaining Access
    • Remote Desktop
    • Evil-WinRM
    • Reverse Shells
    • Web Shells
    • SSH Port Forwarding
  • Enumeration & Exploitation
    • Things To Check First
    • Enumeration Scripts
    • Capabilties
    • SUID Binaries
    • Active Services
    • Port Enumeration
    • Steganography
    • Cracking Hashes
  • Reversing
  • Exfiltration
    • Netcat Redirect
    • SSH/SCP
    • Bash wget
    • HTTP Server
  • Maintaining Access
  • Pencer CTF Blog
Powered by GitBook
On this page
Edit on GitHub
  1. Enumeration & Exploitation

Steganography

PreviousPort EnumerationNextCracking Hashes

Last updated 2 years ago

Find data hidden inside picture files.

Use StegHide to extract:

root@kali:~/thm/lianyu# steghide extract -sf aa.jpg
Enter passphrase:
steghide: could not extract any data with that passphrase!

If password proteted use to try and brute force:

root@kali:~/thm/lianyu# pip3 install stegcracker
Collecting stegcracker
  Downloading stegcracker-2.0.8-py3-none-any.whl (9.5 kB)
Installing collected packages: stegcracker
Successfully installed stegcracker-2.0.8

root@kali:~/thm/lianyu# stegcracker aa.jpg
StegCracker 2.0.8 - (https://github.com/Paradoxis/StegCracker)
Copyright (c) 2020 - Luke Paris (Paradoxis)
Counting lines in wordlist..
Attacking file 'aa.jpg' with wordlist '/usr/share/wordlists/rockyou.txt'..
Successfully cracked file with password: <<hidden>>
Tried 4 passwords
Your file has been written to: aa.jpg.out

Can also use binwalk to extract hidden content in png:

binwalk -e nineveh.png

StegCracker