Ok so basically I'm on Parrot Linux and have an image has a hidden steganographic inside.

I know I need to decode it with Steghide in the Parrot Terminal. I also know that I will find out what the hidden steganographic data (that with be extracted to a .txt file) with the command: "steghide extract -sf IMAGE.jpg -p PASSPHRASE". The question is, using a command that steghide provides... how would I get the PASSPHRASE to find the hidden message within the image jpg? Oh also, I know the seed is "Found (possible) seed: "b40d0b29" - now I am not sure what that means and if that can assist me in anyway, but I thought I'd drop that here just in case.
W
w33t496d ago
Does Parrot have StegCracker on it? I'd tab into my VM but I'm in my work environment. You might be able to use that seed There's also Stegseek that can essentially brute force it
W
w33t496d ago
GitHub
Releases · RickdeJager/stegseek
:zap: Worlds fastest steghide cracker, chewing through millions of passwords per second :zap: - RickdeJager/stegseek
D
DrJacob496d ago
I have stegseek installed, I just tried rockyou.txt on it (didn't work) I have steghide and stegeek installed, not stegcracker tho
W
w33t496d ago
Did you try the seed flag in stegseek to see if it can detect whether or not it's encrypted and if so, which algorithm?
D
DrJacob496d ago
Indeed I did
No description
D
DrJacob496d ago
Wait sorry wrong screenshot
D
DrJacob496d ago
No description
D
DrJacob496d ago
Bottom bit, the top was when I accidently messed up the file some how It's rijndeal-128
W
w33t496d ago
What happens if you run strings on it?
D
DrJacob496d ago
Not sure how would I do that?
W
w33t496d ago
strings <file name>
D
DrJacob496d ago
lots and lots of letters and sybols
W
w33t496d ago
So, strings shows... well, strings in a binary. You can use it in reverse engineering a binary like some malware to get an idea of what it's doing Can you send me the output? I'll bet the password is in there
D
DrJacob496d ago
W
w33t496d ago
Hmmm you could try CDEFGHIJSTUVWXYZcdefghijstuvwxyz but I don't see anything that sticks out as the password. I've gotten one before where it was a word that you could pick out and it was the pass Lemme do some digging
D
DrJacob496d ago
Okie okie I've heard about passwords that just stick out on those files before I converted the jpg to txt to start with to get what I sent above
D
DrJacob496d ago
Yeah CDEFGHIJSTUVWXYZcdefghijstuvwxyz did not work
No description
D
DrJacob496d ago
* cut the output off
No description
W
w33t496d ago
Not surprised Send the picture in here and when I'm done with this upcoming meeting, I'll play around with it and see if I can figure it out for you
D
DrJacob496d ago
https://anonfiles.com/e7t1keL9y0/ramdass_jpg Thats the image, I'm hoping it won't get rid of the steg in transfer Thanks 🙂
W
w33t496d ago
I don't think it will but we'll see lol and any time! I love a good challenge lol
D
DrJacob496d ago
Yess me too, it's got my friend stumped too
D
DrJacob496d ago
I ran this command, don't know if it shows anything intresting
No description
D
DrJacob496d ago
and this
No description
Z
zigg7_pigg7496d ago
sorry, ill move the continued conversation to this thread. still running, at 50ish%, no luck yet
D
DrJacob496d ago
Hmm very strange stuff Have you double check to make sure you have got the encrypted data in the image to make sure it was not lost in transit?
W
w33t495d ago
Man, I'm gonna be honest, I'm stumped. I've been at it for a while now, trying a bunch of different things. I'm not a professional with stenography, of course but I just can't get it I tried a crapload of different passwords, too Imma get crackstation's PW list, which is 15gb of passwords and see if that works @drjacob Cracked it for ya 😉 Do you just want the answer straight up or do you want me to give you breadcrumbs on how to get there yourself?
D
DrJacob495d ago
I’ve actually cracked it earlier too 👀 around the same time too Did you discover it with a wordlist or by just typing it in? It got very spicy today I must say, but I’m the only one in my year to of cracked it so far I’m happy with that
W
w33t495d ago
Used that crackstation list and went "god damnit, I shoulda tried that" LOL
D
DrJacob495d ago
We get these challenges like this once a week by the college, and this one has stumped me the most I must say. But I reckon that’s down to lack of Linux knowledge and syntax “Be Still” was in that?
W
w33t495d ago
Yeah, it's over a billion unique passwords lol
D
DrJacob495d ago
Oh damnn, I’ll be taking took on that that’s crazy
D
DrJacob495d ago
I managed to get it by using multiple words I wasn’t aware the passphrase could be 2 words I had to but it in speech marks for it to be 2 words
W
w33t495d ago
well, the space is a character, so it's technically one string, if that makes sense
D
DrJacob495d ago
Yeahh but like python keeping it in “”
W
w33t495d ago
Yeah I'm just more upset that it took me so long 😂
D
DrJacob495d ago
Yeah same here tbh, I didn’t even realise it could be more than one word How did they guy even get that .txt list?
W
w33t495d ago
It's crackstation, it's been around for a loooong time but he also went out and gathered a bunch from data breaches
D
DrJacob495d ago
I’ve not heard of that, now… who’s been using be still as a password 🤔
W
w33t495d ago
People used to use easy dictionary words back in the day. Computer security wasn't really a concern in the beginning And not everyone thinks like us lol In fact, a lot of people don't
D
DrJacob495d ago
Yeah, I’ve thought that. I’d love to know what everyone’s passwords are purely from a curious point of view to see how unsecured people can be
Z
zigg7_pigg7495d ago
Okay, so in my brief review crackstation>rockyou 👍 I really do wonder why steghide works like that. You think of a password as a string regardless, it seems odd to have to specify, with quotes, that the password input is a string to successfully process the space within it.
D
DrJacob495d ago
Yeahh, do you know how to get crackstation as I cannot seem to extract it from its .gz file
Z
zigg7_pigg7494d ago
What command you using, "gzip -d filename.gz"? Make sure it's a .gz to and if you can't uncompress through CLI, then try a brand of GUI extractor
D
DrJacob494d ago
I did it on my main pc in the end then dragged it over to parrot after messing with the storage setting for the vm
W
w33t494d ago
I just right clicked and extracted in Caja. Not gonna make it more complicated than it needs to be lol