My brother just asked me to send him some sensitive information. I decided to hide the info in a mail attachment. So I'll be sharing this with you.
First I installed steghide from the repositories.
Code:
root@wireless-service:~/secrets# cat /etc/issue
BackTrack 4 PwnSauce \n \l
root@wireless-service:~/secrets# uname -a
Linux wireless-service 2.6.30.5 #1 SMP Wed Aug 26 16:47:02 EDT 2009 i686 GNU/Linux
root@wireless-service:~/secrets# aptitude install steghide
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reading extended state information
Initializing package states... Done
The following NEW packages will be installed:
libmcrypt4{a} libmhash2{a} steghide
0 packages upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 384kB of archives. After unpacking 1176kB will be used.
Do you want to continue? [Y/n/?] y
Writing extended state information... Done
Get:1 http://archive.offensive-security.com pwnsauce/universe libmcrypt4 2.5.7-5ubuntu1 [81.2kB]
Get:2 http://archive.offensive-security.com pwnsauce/main libmhash2 0.9.9-1 [133kB]
Get:3 http://archive.offensive-security.com pwnsauce/universe steghide 0.5.1-9 [170kB]
Fetched 384kB in 2s (185kB/s)
Selecting previously deselected package libmcrypt4.
(Reading database ... 205446 files and directories currently installed.)
Unpacking libmcrypt4 (from .../libmcrypt4_2.5.7-5ubuntu1_i386.deb) ...
Selecting previously deselected package libmhash2.
Unpacking libmhash2 (from .../libmhash2_0.9.9-1_i386.deb) ...
Selecting previously deselected package steghide.
Unpacking steghide (from .../steghide_0.5.1-9_i386.deb) ...
Processing triggers for man-db ...
Setting up libmcrypt4 (2.5.7-5ubuntu1) ...
Setting up libmhash2 (0.9.9-1) ...
Setting up steghide (0.5.1-9) ...
Processing triggers for libc6 ...
ldconfig deferred processing now taking place
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reading extended state information
Initializing package states... Done
Writing extended state information... Done
root@wireless-service:~/secrets#
Then I got a .jpg file and put the info inside a .txt file.
Code:
root@wireless-service:~/secrets# ls -l
total 72
-rw-r--r-- 1 root root 65140 Oct 29 13:35 pills.jpg
-rw-r--r-- 1 root root 1689 Oct 29 13:41 secret.txt
root@wireless-service:~/secrets#
I checked how much info I can insert for this particular image file. The bigger the file, the more info you can drop into it.
Code:
root@wireless-service:~/secrets# steghide info pills.jpg
"pills.jpg":
format: jpeg
capacity: 2.3 KB
Try to get information about embedded data ? (y/n) n
root@wireless-service:~/secrets#
Now, inject the data into the image.
Code:
root@wireless-service:~/secrets# steghide embed -cf pills.jpg -ef secret.txt
Enter passphrase:
Re-Enter passphrase:
embedding "secret.txt" in "pills.jpg"... done
root@wireless-service:~/secrets# ls -l
total 52
-rw-r--r-- 1 root root 46852 Oct 29 13:50 pills.jpg
-rw-r--r-- 1 root root 1689 Oct 29 13:41 secret.txt
root@wireless-service:~/secrets#
To decode and extract the file:
Code:
root@wireless-service:~/secrets# rm secret.txt
root@wireless-service:~/secrets# ls -l
total 48
-rw-r--r-- 1 root root 46852 Oct 29 13:50 pills.jpg
root@wireless-service:~/secrets# steghide extract -sf pills.jpg
Enter passphrase:
wrote extracted data to "secret.txt".
root@wireless-service:~/secrets# ls -l
total 52
-rw-r--r-- 1 root root 46852 Oct 29 13:50 pills.jpg
-rw-r--r-- 1 root root 1689 Oct 29 13:51 secret.txt
root@wireless-service:~/secrets#
"A picture is worth a thousand words"
Steganography on the fly
Originally Posted by Isohump
Posting Permissions
