Table of Contents:
3. Syntax of steghide
4. Practical guide to steghide
Introduction to Steganography
Steganography is a technique used to hide secret data within a file or a message. It can be combined with encryption as an extra method to protect the data.
This technique can be used to hide any kind of digital data, such as text, image, audio and video. The data can be hidden in any other digital data, for example an image within another image or a text file within an image.
In the context of CTF challenges, there can be an image with some hidden text in it.
For example, an image may have a hidden file like ".mysql_history", which can be used further to gain unauthorized access to the database. Steganography with encryption is a very strong method to protect the secret data.
Introduction to Steghide
Steghide is a tool that can be used for steganography. We can install it by executing the command: apt-get install steghide
An advantage of this tool is that we can hide many kinds of digital data within other digital data, but to extract the data we need the steghide tool. This means that if a file is embedded using this tool, it can only be extracted using this tool.
To check the syntax we run the command: steghide --help
Practical guide to steghide
Now, with the help of the above syntax, let's embed a text file in an image.
We created a text file named hidden.txt and we want to embed it into the new.jpg image. Command used:
steghide embed -ef /root/hidden.txt -cf /root/Downloads/new.jpg
It asks for a passphrase, so enter any passphrase you want.
-ef means embedded file
-cf means cover file
We have successfully embedded the text file in the image. Now suppose the file is at the receiver's end and they want the actual file, "hidden.txt". To extract the file we can use the command:
steghide extract -sf /root/Downloads/new.jpg
We have extracted the actual file from the image with the above command, where -sf specifies the file that holds the secret data (the stego file).
When we executed this command it asked for the passphrase, but with the -p option we can give the passphrase along with the command, as shown below.
Now suppose we want information about the embedded file. We can get it with the command: steghide info /root/Downloads/new.jpg -p my
The info output shows that the text file "hidden.txt" is encrypted by a default method, but we can also choose other methods/algorithms to encrypt the file with.
Command used : steghide embed -ef /root/hidden.txt -cf /root/Downloads/new.jpg -e aes
-e specifies the algorithm to encrypt the data
Do not embed name (-N)
-N, --dontembedname Do not embed the file name of the secret file. If this option is used, the extractor needs to specify a filename to tell steghide where to write the embedded data.
steghide embed -ef /root/hidden.txt -cf /root/Downloads/new.jpg -N
Now, while extracting the embedded file, we can give the actual file some other name. That is, instead of extracting the file with the name "hidden.txt", we can extract it under a different name.
steghide extract -sf /root/Downloads/new.jpg -p my -xf confidential
We can also compress the text file before hiding it. The compression level can vary from 1 to 9. Level 1 gives the fastest compression, whereas level 9 gives the best compression.
If we don't want to compress the file, we use the -Z option.
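The embed and extract steps above, combined into one shell function that also checks the extracted file against the original. This is an added example, not code from the original article: the function name steg_roundtrip, the STEG_PASS variable and the return codes are assumptions of the example, and it additionally uses steghide's -q (quiet), -z (compression level) and -sf on embed, which writes a separate stego file instead of modifying the cover.

```shell
#!/bin/sh
# Added example, not from the original article. steg_roundtrip, STEG_PASS and
# the return codes are hypothetical names chosen for this example.
# Usage: steg_roundtrip COVER SECRET   (passphrase is read from $STEG_PASS)
steg_roundtrip() {
    cover=$1
    secret=$2

    # Fail early with distinct codes so a caller can tell the cases apart.
    if [ ! -r "$cover" ] || [ ! -r "$secret" ]; then
        echo "cover or secret file not readable" >&2
        return 3
    fi
    command -v steghide >/dev/null 2>&1 || { echo "steghide not installed" >&2; return 2; }
    [ -n "${STEG_PASS:-}" ] || { echo "STEG_PASS is not set" >&2; return 4; }

    work=$(mktemp -d) || return 5
    stego="$work/stego.${cover##*.}"   # keep the cover's file extension
    out="$work/recovered"
    rc=1

    # embed:   -sf writes a new stego file, so the cover is not changed in place;
    #          -N leaves the file name out; -z 9 selects the highest compression.
    # extract: -xf names the output file, needed because no name was embedded.
    # cmp:     the recovered bytes must match the original secret exactly.
    # Caveat:  a passphrase given with -p is visible in the process list
    #          while steghide runs.
    if steghide embed -q -ef "$secret" -cf "$cover" -sf "$stego" \
            -N -z 9 -p "$STEG_PASS" &&
       steghide extract -q -sf "$stego" -xf "$out" -p "$STEG_PASS" &&
       cmp -s "$secret" "$out"
    then
        rc=0
    fi

    rm -rf "$work"
    return "$rc"
}
```

The function returns 0 only when the extracted data is byte-for-byte identical to the original secret file.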
So this was a small article about steghide. It is a very useful and very easy tool for steganography.