DrJacob 2y ago

Ok so basically I'm on Parrot Linux and have an image that has hidden steganographic data inside.

I know I need to decode it with Steghide in the Parrot Terminal. I also know that I will find out what the hidden steganographic data is (that will be extracted to a .txt file) with the command: "steghide extract -sf IMAGE.jpg -p PASSPHRASE". The question is, using a command that steghide provides... how would I get the PASSPHRASE to find the hidden message within the image jpg? Oh also, I know the seed is "Found (possible) seed: "b40d0b29"" - now I am not sure what that means and if that can assist me in any way, but I thought I'd drop that here just in case.
48 Replies
w33t 2y ago
Does Parrot have StegCracker on it? I'd tab into my VM but I'm in my work environment. You might be able to use that seed. There's also Stegseek that can essentially brute force it.
w33t 2y ago
GitHub: Releases · RickdeJager/stegseek
Worlds fastest steghide cracker, chewing through millions of passwords per second
DrJacob 2y ago
I have stegseek installed, I just tried rockyou.txt on it (didn't work). I have steghide and stegseek installed, not stegcracker tho.
w33t 2y ago
Did you try the seed flag in stegseek to see if it can detect whether or not it's encrypted and if so, which algorithm?
DrJacob 2y ago
Indeed I did
DrJacob 2y ago
Wait sorry wrong screenshot
DrJacob 2y ago
Bottom bit, the top was when I accidentally messed up the file somehow. It's rijndael-128.
w33t 2y ago
What happens if you run strings on it?
DrJacob 2y ago
Not sure, how would I do that?
w33t 2y ago
strings <file name>
DrJacob 2y ago
lots and lots of letters and symbols
w33t 2y ago
So, strings shows... well, strings in a binary. You can use it in reverse engineering a binary like some malware to get an idea of what it's doing. Can you send me the output? I'll bet the password is in there.
w33t 2y ago
Hmmm you could try CDEFGHIJSTUVWXYZcdefghijstuvwxyz but I don't see anything that sticks out as the password. I've gotten one before where it was a word that you could pick out and it was the pass. Lemme do some digging.
DrJacob 2y ago
Okie okie. I've heard about passwords that just stick out on those files before. I converted the jpg to txt to start with to get what I sent above.
DrJacob 2y ago
Yeah CDEFGHIJSTUVWXYZcdefghijstuvwxyz did not work
DrJacob 2y ago
* cut the output off
w33t 2y ago
Not surprised. Send the picture in here and when I'm done with this upcoming meeting, I'll play around with it and see if I can figure it out for you.
DrJacob 2y ago
https://anonfiles.com/e7t1keL9y0/ramdass_jpg That's the image, I'm hoping it won't get rid of the steg in transfer. Thanks 🙂
w33t 2y ago
I don't think it will but we'll see lol and any time! I love a good challenge lol
DrJacob 2y ago
Yess me too, it's got my friend stumped too
DrJacob 2y ago
I ran this command, don't know if it shows anything interesting
DrJacob 2y ago
and this
zigg7_pigg7 2y ago
sorry, I'll move the continued conversation to this thread. still running, at 50ish%, no luck yet
DrJacob 2y ago
Hmm very strange stuff. Have you double checked to make sure you have got the encrypted data in the image to make sure it was not lost in transit?
w33t 2y ago
Man, I'm gonna be honest, I'm stumped. I've been at it for a while now, trying a bunch of different things. I'm not a professional with steganography, of course, but I just can't get it. I tried a crapload of different passwords, too. Imma get crackstation's PW list, which is 15gb of passwords and see if that works. @drjacob Cracked it for ya 😉 Do you just want the answer straight up or do you want me to give you breadcrumbs on how to get there yourself?
DrJacob 2y ago
I’ve actually cracked it earlier too 👀 around the same time too. Did you discover it with a wordlist or by just typing it in? It got very spicy today I must say, but I’m the only one in my year to have cracked it so far. I’m happy with that.
w33t 2y ago
Used that crackstation list and went "god damnit, I shoulda tried that" LOL
DrJacob 2y ago
We get these challenges like this once a week by the college, and this one has stumped me the most I must say. But I reckon that’s down to lack of Linux knowledge and syntax. “Be Still” was in that?
w33t 2y ago
Yeah, it's over a billion unique passwords lol
DrJacob 2y ago
Oh damnn, I’ll be taking a look at that, that’s crazy
DrJacob 2y ago
I managed to get it by using multiple words. I wasn’t aware the passphrase could be 2 words. I had to put it in speech marks for it to be 2 words.
w33t 2y ago
well, the space is a character, so it's technically one string, if that makes sense
DrJacob 2y ago
Yeahh but like python keeping it in “”
w33t 2y ago
Yeah I'm just more upset that it took me so long 😂
DrJacob 2y ago
Yeah same here tbh, I didn’t even realise it could be more than one word. How did the guy even get that .txt list?
w33t 2y ago
It's crackstation, it's been around for a loooong time but he also went out and gathered a bunch from data breaches
DrJacob 2y ago
I’ve not heard of that, now… who’s been using be still as a password 🤔
w33t 2y ago
People used to use easy dictionary words back in the day. Computer security wasn't really a concern in the beginning. And not everyone thinks like us lol. In fact, a lot of people don't.
DrJacob 2y ago
Yeah, I’ve thought that. I’d love to know what everyone’s passwords are purely from a curious point of view to see how unsecured people can be
zigg7_pigg7 2y ago
Okay, so in my brief review crackstation>rockyou 👍 I really do wonder why steghide works like that. You think of a password as a string regardless, it seems odd to have to specify, with quotes, that the password input is a string to successfully process the space within it.
DrJacob 2y ago
Yeahh, do you know how to get crackstation as I cannot seem to extract it from its .gz file?
zigg7_pigg7 2y ago
What command you using, "gzip -d filename.gz"? Make sure it's a .gz too and if you can't uncompress through CLI, then try a brand of GUI extractor
DrJacob 2y ago
I did it on my main pc in the end then dragged it over to parrot after messing with the storage setting for the vm
w33t 2y ago
I just right clicked and extracted in Caja. Not gonna make it more complicated than it needs to be lol