{% hint style="success" %}
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
A tool for searching binary files for embedded hidden files and data. It's installed via apt
and its source is available on GitHub.
binwalk file # Displays the embedded data
binwalk -e file # Extracts the data
binwalk --dd ".*" file # Extracts all data
Recovers files based on their headers and footers, useful for png images. Installed via apt
with its source on GitHub.
foremost -i file # Extracts data
Helps to view file metadata, available here.
exiftool file # Shows the metadata
Similar to exiftool, for metadata viewing. Installable via apt
, source on GitHub, and has an official website.
exiv2 file # Shows the metadata
Identify the type of file you're dealing with.
Extracts readable strings from files, using various encoding settings to filter the output.
strings -n 6 file # Extracts strings with a minimum length of 6
strings -n 6 file | head -n 20 # First 20 strings
strings -n 6 file | tail -n 20 # Last 20 strings
strings -e s -n 6 file # 7bit strings
strings -e S -n 6 file # 8bit strings
strings -e l -n 6 file # 16bit strings (little-endian)
strings -e b -n 6 file # 16bit strings (big-endian)
strings -e L -n 6 file # 32bit strings (little-endian)
strings -e B -n 6 file # 32bit strings (big-endian)
Useful for comparing a modified file with its original version found online.
cmp original.jpg stego.jpg -b -l
Extracting Hidden Data in Text
Hidden Data in Spaces
Invisible characters in seemingly empty spaces may hide information. To extract this data, visit https://www.irongeek.com/i.php?page=security/unicode-steganography-homoglyph-encoder.
GraphicMagick serves to determine image file types and identify potential corruption. Execute the command below to inspect an image:
./magick identify -verbose stego.jpg
To attempt repair on a damaged image, adding a metadata comment might help:
./magick mogrify -set comment 'Extraneous bytes removed' stego.jpg
Steghide facilitates hiding data within JPEG, BMP, WAV, and AU
files, capable of embedding and extracting encrypted data. Installation is straightforward using apt
, and its source code is available on GitHub.
Commands:
steghide info file
reveals if a file contains hidden data.steghide extract -sf file [--passphrase password]
extracts the hidden data, password optional.
For web-based extraction, visit this website.
Bruteforce Attack with Stegcracker:
- To attempt password cracking on Steghide, use stegcracker as follows:
stegcracker <file> [<wordlist>]
zsteg specializes in uncovering hidden data in PNG and BMP files. Installation is done via gem install zsteg
, with its source on GitHub.
Commands:
zsteg -a file
applies all detection methods on a file.zsteg -E file
specifies a payload for data extraction.
stegoVeritas checks metadata, performs image transformations, and applies LSB brute forcing among other features. Use stegoveritas.py -h
for a full list of options and stegoveritas.py stego.jpg
to execute all checks.
Stegsolve applies various color filters to reveal hidden texts or messages within images. It's available on GitHub.
FFT for Hidden Content Detection
Fast Fourier Transform (FFT) techniques can unveil concealed content in images. Useful resources include:
Stegpy allows embedding information into image and audio files, supporting formats like PNG, BMP, GIF, WebP, and WAV. It's available on GitHub.
To analyze PNG files or to validate their authenticity, use:
apt-get install pngcheck
pngcheck stego.png
For further exploration, consider visiting:
Audio steganography offers a unique method to conceal information within sound files. Different tools are utilized for embedding or retrieving hidden content.
Steghide is a versatile tool designed for hiding data in JPEG, BMP, WAV, and AU files. Detailed instructions are provided in the stego tricks documentation.
This tool is compatible with a variety of formats including PNG, BMP, GIF, WebP, and WAV. For more information, refer to Stegpy's section.
ffmpeg is crucial for assessing the integrity of audio files, highlighting detailed information and pinpointing any discrepancies.
ffmpeg -v info -i stego.mp3 -f null -
WavSteg excels in concealing and extracting data within WAV files using the least significant bit strategy. It is accessible on GitHub. Commands include:
python3 WavSteg.py -r -b 1 -s soundfile -o outputfile
python3 WavSteg.py -r -b 2 -s soundfile -o outputfile
Deepsound allows for the encryption and detection of information within sound files using AES-256. It can be downloaded from the official page.
An invaluable tool for visual and analytical inspection of audio files, Sonic Visualizer can unveil hidden elements undetectable by other means. Visit the official website for more.
Detecting DTMF tones in audio files can be achieved through online tools such as this DTMF detector and DialABC.
Binary data that squares to a whole number might represent a QR code. Use this snippet to check:
import math
math.sqrt(2500) #50
For binary to image conversion, check dcode. To read QR codes, use this online barcode reader.
For translating Braille, the Branah Braille Translator is an excellent resource.
{% hint style="success" %}
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.