Hey Folks, as we know that sometimes in a CTF challenge, we need some steganography skills to secret a key or a hint and for that we discover a variety of tools on Github, but today we has brought two steganography tools for you that you can use in your CTF labs.
Tools for Steganography
- Steghide – To hide string or key in any file format.
- Stegbrute – To crack password and extract string from JPEG file.
Let’s take a look 😛 !!
Stegbrute Tool Installation
Stegbrute is a fast steganography brute force tool written in Rust using also threads to achieve a faster execution. This is not a pre-installed tool so we have to install it first using the wget command and then move it to the binary folder to access it from anywhere.
wget https://github.com/R4yGM/stegbrute/releases/download/0.1.1/stegbrute && chmod +x stegbrute
mv stegbrute /usr/local/bin/
Done 😛 !! As you can see in the image below, we can now use this tool just by entering the name.
Steghide Tool Installation
Steghide is a steganography program that is able to hide data in various kinds of image- and audio-files. The tool is already connected to the kali linux repository and that is why we are able to install it using the “apt-get” command.
apt-get install steghide
Done 😛 !! Both tool are now successfully installed to demonstrate an example of steganography. First we will create a text file, hide the text file in JPEG file using Steghide tool and protect it with a password.
Usage 😛 !! steghide embed -cf < JPEF file > -ef < File that you want hide >
cat > secret.txt
steghide embed -cf jpg-vs-jpeg.jpg -ef secret.txt
Amazing 😛 !! As we know the Stegbrute tool uses wordlist to extract hidden content out of the file. Now all you have to do is to give this tool the location of the JPEG file and the wordlist and immediately after that it will try to crack it using multiple passwords. After the password is successfully cracked, we get the secret string in the result file that we previously hidden.
Usage 😛 !! stegbrute -f < Protected File > -w < Wordlist Path >
stegbrute -f jpg-vs-jpeg.jpg -w word.txt
In the same way you can hide any secret key and use these tools to prompt the user in your CTF labs.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.