Steghide (for JPEGS)

syntax for information and extraction:

steghide info <filename>

steghide extract -sf <filename>

Extract hash: steghide extract -sf [carrier_file.ext] -xf [hash_file.txt]

Once you have the hash you can use John to crack

Options:

embed - allows you to embed data into other files

-ef - lets you set file to embed

-cf - allows you to set cover file

-p - set password for cover file

example:

steghide embed -cf <cover file-any image file> -ef <file to hide in cover file>

Zsteg (for PNGs)

zsteg <filename>

options:

-E - extract data from specific payload

-v - verbose mode

-lsb - least significant bit

-msb - most significant bit

Exiftool - allows you to view and edit metadata

syntax:

exiftool <image name>

Stegveritas -supports nearly all image types

how to install:

pip3 install stegoveritas 

stegoveritas_install_deps

syntax:

stegoveritas <file>

Spectograms - hiding image in audio files

tool: sonic visualiser

Usage:

Open audio file, go to "layer" and add spectogram to see hidden image

Stegsolve -fiind hidden message or text

Available on Github

Strings - displays the string variables of files

Very useful command in linux and in CTFs (hidden flags)

Decoding QR:

qrqt - a linux tool 

https://zxing.org/w/decode.jspx   - online tool

Binwalk

• search binary files for hidden text or messages or audio files

binwalk <filename>  - Displays embedded data in the file

binwalk -e <filename>  - Displays and extracts data from file

Additional Notes:

From a recent CTF challenge:

You can use cyberchef to render an image. Select the RENDER IMAGE option.

Challenge required: changing the magic number to the correct file format, using XXD (--plain flag) image.png > image.txt

Then change the magic number and save file, using cyber chef, first select the HEX option then the RENDER IMAGE, this gave the flag.