Results 1 to 4 of 4

Thread: Steganography on the fly

  1. #1
    prowl3r
    Guest

    Default Steganography on the fly

    My brother just asked me to send him some sensitive information. I decided to hide the info in a mail attachment. So I'll be sharing this with you.

    First I installed steghide from the repositories.

    Code:
    root@wireless-service:~/secrets# cat /etc/issue
    BackTrack 4 PwnSauce \n \l
    
    root@wireless-service:~/secrets# uname -a
    Linux wireless-service 2.6.30.5 #1 SMP Wed Aug 26 16:47:02 EDT 2009 i686 GNU/Linux
    root@wireless-service:~/secrets# aptitude install steghide
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    Reading extended state information
    Initializing package states... Done
    The following NEW packages will be installed:
      libmcrypt4{a} libmhash2{a} steghide
    0 packages upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
    Need to get 384kB of archives. After unpacking 1176kB will be used.
    Do you want to continue? [Y/n/?] y
    Writing extended state information... Done
    Get:1 http://archive.offensive-security.com pwnsauce/universe libmcrypt4 2.5.7-5ubuntu1 [81.2kB]
    Get:2 http://archive.offensive-security.com pwnsauce/main libmhash2 0.9.9-1 [133kB]
    Get:3 http://archive.offensive-security.com pwnsauce/universe steghide 0.5.1-9 [170kB]
    Fetched 384kB in 2s (185kB/s)
    Selecting previously deselected package libmcrypt4.
    (Reading database ... 205446 files and directories currently installed.)
    Unpacking libmcrypt4 (from .../libmcrypt4_2.5.7-5ubuntu1_i386.deb) ...
    Selecting previously deselected package libmhash2.
    Unpacking libmhash2 (from .../libmhash2_0.9.9-1_i386.deb) ...
    Selecting previously deselected package steghide.
    Unpacking steghide (from .../steghide_0.5.1-9_i386.deb) ...
    Processing triggers for man-db ...
    Setting up libmcrypt4 (2.5.7-5ubuntu1) ...
    
    Setting up libmhash2 (0.9.9-1) ...
    
    Setting up steghide (0.5.1-9) ...
    Processing triggers for libc6 ...
    ldconfig deferred processing now taking place
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    Reading extended state information
    Initializing package states... Done
    Writing extended state information... Done
    root@wireless-service:~/secrets#
    Then I got a .jpg file and put the info inside a .txt file.

    Code:
    root@wireless-service:~/secrets# ls -l
    total 72
    -rw-r--r-- 1 root root 65140 Oct 29 13:35 pills.jpg
    -rw-r--r-- 1 root root  1689 Oct 29 13:41 secret.txt
    root@wireless-service:~/secrets#
    I checked how much info I can insert for this particular image file. The bigger the file, the more info you can drop into it.

    Code:
    root@wireless-service:~/secrets# steghide info pills.jpg
    "pills.jpg":
      format: jpeg
      capacity: 2.3 KB
    Try to get information about embedded data ? (y/n) n
    root@wireless-service:~/secrets#
    Now, inject the data into the image.

    Code:
    root@wireless-service:~/secrets# steghide embed -cf pills.jpg -ef secret.txt
    Enter passphrase:
    Re-Enter passphrase:
    embedding "secret.txt" in "pills.jpg"... done
    root@wireless-service:~/secrets# ls -l
    total 52
    -rw-r--r-- 1 root root 46852 Oct 29 13:50 pills.jpg
    -rw-r--r-- 1 root root  1689 Oct 29 13:41 secret.txt
    root@wireless-service:~/secrets#
    To decode and extract the file:

    Code:
    root@wireless-service:~/secrets# rm secret.txt
    root@wireless-service:~/secrets# ls -l
    total 48
    -rw-r--r-- 1 root root 46852 Oct 29 13:50 pills.jpg
    root@wireless-service:~/secrets# steghide extract -sf pills.jpg
    Enter passphrase:
    wrote extracted data to "secret.txt".
    root@wireless-service:~/secrets# ls -l
    total 52
    -rw-r--r-- 1 root root 46852 Oct 29 13:50 pills.jpg
    -rw-r--r-- 1 root root  1689 Oct 29 13:51 secret.txt
    root@wireless-service:~/secrets#
    "A picture is worth a thousand words"

  2. #2
    Junior Member
    Join Date
    Sep 2009
    Posts
    43

    Default

    Great tool, thank you.

    By the way it works with audio files too owyeah

    $ steghide info received_file.wav
    "received_file.wav":
    format: wave audio, PCM encoding
    capacity: 3.5 KB
    Try to get information about embedded data ? (y/n) y
    Enter passphrase:
    embedded file "secret.txt":
    size: 1.6 KB
    encrypted: rijndael-128, cbc
    compressed: yes

  3. #3
    Junior Member Isohump's Avatar
    Join Date
    Sep 2009
    Posts
    63

    Default

    Great tutorial
    One day your life will flash before your eyes. Make sure its worth watching.

  4. #4
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442

    Default

    Quote Originally Posted by Isohump View Post
    Nice tut I have a question can u embed it with a payload like Social Engineering Toolkit.
    Its not self extracting for 1 and 2 if there is nothing to exploit they would need to execute it. You will probably want to look into either the new GDI flaw "pics", metsploit or origami for pdf's .. or any slew of the various divx flaws.

    Also never underestimate a good social engineering attack. I could load up a linux or windows binary rite now with a msf payload post it as a patch or a game depending on what the person likes, and as there happily enjoying there media im happily enjoying there box.

    ################################################## ###################

    @prowl3r
    <nitpick>
    highlight the relevant commands
    </nitpick>

    Also for everyone else this might come in handy .. before wrapping your text file up give it this quick command with a nice big pass.

    openssl des3 -salt -in "$IN-NAME" -out "$OUT-NAME"
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •