DrJacob
DrJacob3y ago

Ok so basically I'm on Parrot Linux and have an image has a hidden steganographic inside.

I know I need to decode it with Steghide in the Parrot Terminal. I also know that I will find out what the hidden steganographic data (that with be extracted to a .txt file) with the command: "steghide extract -sf IMAGE.jpg -p PASSPHRASE". The question is, using a command that steghide provides... how would I get the PASSPHRASE to find the hidden message within the image jpg? Oh also, I know the seed is "Found (possible) seed: "b40d0b29" - now I am not sure what that means and if that can assist me in anyway, but I thought I'd drop that here just in case.
48 Replies
w33t
w33t3y ago
Does Parrot have StegCracker on it? I'd tab into my VM but I'm in my work environment. You might be able to use that seed There's also Stegseek that can essentially brute force it
w33t
w33t3y ago
GitHub
Releases · RickdeJager/stegseek
:zap: Worlds fastest steghide cracker, chewing through millions of passwords per second :zap: - RickdeJager/stegseek
DrJacob
DrJacobOP3y ago
I have stegseek installed, I just tried rockyou.txt on it (didn't work) I have steghide and stegeek installed, not stegcracker tho
w33t
w33t3y ago
Did you try the seed flag in stegseek to see if it can detect whether or not it's encrypted and if so, which algorithm?
DrJacob
DrJacobOP3y ago
Indeed I did
No description
DrJacob
DrJacobOP3y ago
Wait sorry wrong screenshot
DrJacob
DrJacobOP3y ago
No description
DrJacob
DrJacobOP3y ago
Bottom bit, the top was when I accidently messed up the file some how It's rijndeal-128
w33t
w33t3y ago
What happens if you run strings on it?
DrJacob
DrJacobOP3y ago
Not sure how would I do that?
w33t
w33t3y ago
strings <file name>
DrJacob
DrJacobOP3y ago
lots and lots of letters and sybols
w33t
w33t3y ago
So, strings shows... well, strings in a binary. You can use it in reverse engineering a binary like some malware to get an idea of what it's doing Can you send me the output? I'll bet the password is in there
DrJacob
DrJacobOP3y ago
w33t
w33t3y ago
Hmmm you could try CDEFGHIJSTUVWXYZcdefghijstuvwxyz but I don't see anything that sticks out as the password. I've gotten one before where it was a word that you could pick out and it was the pass Lemme do some digging
DrJacob
DrJacobOP3y ago
Okie okie I've heard about passwords that just stick out on those files before I converted the jpg to txt to start with to get what I sent above
DrJacob
DrJacobOP3y ago
Yeah CDEFGHIJSTUVWXYZcdefghijstuvwxyz did not work
No description
DrJacob
DrJacobOP3y ago
* cut the output off
No description
w33t
w33t3y ago
Not surprised Send the picture in here and when I'm done with this upcoming meeting, I'll play around with it and see if I can figure it out for you
DrJacob
DrJacobOP3y ago
https://anonfiles.com/e7t1keL9y0/ramdass_jpg Thats the image, I'm hoping it won't get rid of the steg in transfer Thanks 🙂
w33t
w33t3y ago
I don't think it will but we'll see lol and any time! I love a good challenge lol
DrJacob
DrJacobOP3y ago
Yess me too, it's got my friend stumped too
DrJacob
DrJacobOP3y ago
I ran this command, don't know if it shows anything intresting
No description
DrJacob
DrJacobOP3y ago
and this
No description
h3lmh0lt
h3lmh0lt3y ago
sorry, ill move the continued conversation to this thread. still running, at 50ish%, no luck yet
DrJacob
DrJacobOP3y ago
Hmm very strange stuff Have you double check to make sure you have got the encrypted data in the image to make sure it was not lost in transit?
w33t
w33t3y ago
Man, I'm gonna be honest, I'm stumped. I've been at it for a while now, trying a bunch of different things. I'm not a professional with stenography, of course but I just can't get it I tried a crapload of different passwords, too Imma get crackstation's PW list, which is 15gb of passwords and see if that works @drjacob Cracked it for ya 😉 Do you just want the answer straight up or do you want me to give you breadcrumbs on how to get there yourself?
DrJacob
DrJacobOP3y ago
I’ve actually cracked it earlier too 👀 around the same time too Did you discover it with a wordlist or by just typing it in? It got very spicy today I must say, but I’m the only one in my year to of cracked it so far I’m happy with that
w33t
w33t3y ago
Used that crackstation list and went "god damnit, I shoulda tried that" LOL
DrJacob
DrJacobOP3y ago
We get these challenges like this once a week by the college, and this one has stumped me the most I must say. But I reckon that’s down to lack of Linux knowledge and syntax “Be Still” was in that?
w33t
w33t3y ago
Yeah, it's over a billion unique passwords lol
DrJacob
DrJacobOP3y ago
Oh damnn, I’ll be taking took on that that’s crazy
DrJacob
DrJacobOP3y ago
I managed to get it by using multiple words I wasn’t aware the passphrase could be 2 words I had to but it in speech marks for it to be 2 words
w33t
w33t3y ago
well, the space is a character, so it's technically one string, if that makes sense
DrJacob
DrJacobOP3y ago
Yeahh but like python keeping it in “”
w33t
w33t3y ago
Yeah I'm just more upset that it took me so long 😂
DrJacob
DrJacobOP3y ago
Yeah same here tbh, I didn’t even realise it could be more than one word How did they guy even get that .txt list?
w33t
w33t3y ago
It's crackstation, it's been around for a loooong time but he also went out and gathered a bunch from data breaches
DrJacob
DrJacobOP3y ago
I’ve not heard of that, now… who’s been using be still as a password 🤔
w33t
w33t3y ago
People used to use easy dictionary words back in the day. Computer security wasn't really a concern in the beginning And not everyone thinks like us lol In fact, a lot of people don't
DrJacob
DrJacobOP3y ago
Yeah, I’ve thought that. I’d love to know what everyone’s passwords are purely from a curious point of view to see how unsecured people can be
h3lmh0lt
h3lmh0lt3y ago
Okay, so in my brief review crackstation>rockyou 👍 I really do wonder why steghide works like that. You think of a password as a string regardless, it seems odd to have to specify, with quotes, that the password input is a string to successfully process the space within it.
DrJacob
DrJacobOP3y ago
Yeahh, do you know how to get crackstation as I cannot seem to extract it from its .gz file
h3lmh0lt
h3lmh0lt3y ago
What command you using, "gzip -d filename.gz"? Make sure it's a .gz to and if you can't uncompress through CLI, then try a brand of GUI extractor
DrJacob
DrJacobOP3y ago
I did it on my main pc in the end then dragged it over to parrot after messing with the storage setting for the vm
w33t
w33t3y ago
I just right clicked and extracted in Caja. Not gonna make it more complicated than it needs to be lol

Did you find this page helpful?