Académique Documents
Professionnel Documents
Culture Documents
MY PROFILE
COURSES
0P3N
EXPLORE
JOBS
BUSINESS
LOGOUT
Search
22
Facebook
Twitter
Google+
Linkedin
Steganography:HideDataintoMediaFiles(Mr.RobotHack)
Views:3107
ByZ33MAXonMarch29,2016/PenetrationTestingandEthicalHacking/41Comments
HelloCybrarians,
IfyouhaveseenMr.RobotTVShow,aboutaguywhoworksasCyberSecurityEngineerbydayandahackerbynight,youwouldprobablyhave
seenwhatarewegoingtodointhistutorial.IntheshowEliotthehackerhideshis
dataintoinnocentlookingaudiofilesandkeepstheminCDsastogivetheimpressiontoanyonewholooksthroughhisstuffthatthesearehis
musiccollection.ThisprocessinknownasSteganography.
Steganographyiscancellingsensitiveinformationinsidenormallookingdocumentsormediafiles.
Intheshow,ElliothidhisdatausingaprogramcalledDeepSoundprogram.Thisprogramworksforwindowsonly.Inthistutorial,wewillthelearn
howtodothatnotonlyusingDeepSoundbutusingSteghide
(Commandline)toolfromLinuxaswelltocoverbothoperatingsystems(WindowsandLinux).
TutorialRequirement:
1WindowsVirtualmachine
2KaliLinuxvirtualmachine
3DeepSound:http://jpinsoft.net/DeepSound/Download.aspx
4StegHide
5Imagetouseascoverforthehiddendata
6File(docortextorimage)thatyouwanttohide
TutorialGuideline:
UsingDeepSoundforWindowsmachine(theoriginalMr.RobotTool)
UsingStegHideinKaliLinux(Commandlinetool)
SettingDeepSoundonWindowsmachine
Step1:DownloadDeepSound
Whenyoustartdownloading,Windowswillflashanalarmastheprogrammightbeharmtoyourcomputer.ClickonRun
ClickonRunanyway
Step2:Installtheprogramusingitswizard
Step3:HidedataintoanAudiofile(MP3)
Forthisstepyouneedanaudiofilepreferablymp3formattouseitwiththefilethatyouwanttohide.
OpentheprogramandClickonOpenCarrierFiles,chooseyouraudiofile.MyfilenameisMusic.mp3
Choosethefileyouwanttouseintheprogram.ForthedemoIjustusedtextfile,youcanusewordanyotherfileorimage
ClickonEncodesecretfiles.
CheckEncryptfilesusingAES256Algorithmandcreateapasswordthatlateronyouaregoingtousetodecodethemessage.
TerminologyAES256Algorithm:
(AES)AdvancedEncryptionStandard,isacryptographiccipherthatusesablocklengthof128bitsandkeylengthsof128,192or256bitsto
securedata.
Nowyouhaveareadyfileinformatof(.wav)thatcontainsyourdata.AtthisyoucansaveitinUSBorsendtosomeone,uptoyou.Theaudio
filewillworkperfectlynormalasnothinghiddeninsideit.
Thewaytodiscoverifsomethingishiddeninsidethemp3istoopeninusingHexEditortoseethevalueofthehiddenfile.(futuretutorials)
Step4:decodethefiletoseethemessage
Decodethefileisthealmostthesameastheencodeit
ClickonExtractthefiles
Enterthepasswordandyouwillseethehiddenfiles
NOTE:
Theprogramneedtobeusedinordertodecode,andextractthehiddenfile.
UsingStegHideinKaliLinux(Commandlinetool)
SteghideisanotherStenographytoolthatisspecificallyforLinux.Itletsyouhideyoursecretfilesinaformofimagesoraudiofiles.Importantthing
torememberinordertodecodethefile,youneedto
haveaLinuxOperatingsystemashost(orvirtualnodifference)andinstallthetoolbeforestartingthedecodingprocess.
Step1:InstallStegHide
Runthecommandbelowtoinstallthetool
aptgetinstallsteghide
Type(Y)whenitprompttocontinue
Onethetoolisinstalled,type(steghide)intheterminaltoopenthetool
Step2:Concealyourfileunderanimage
Now,wecanembedthefileyouwanttohideintoanimage
Run:steghideembedef(yourfilepath)cf(yourimagepath)
ef:embedfile
cf:coverfile
Whenyourunthecommand,thetoolshouldaskyouforapassphrase.Enterapassphrasetofinishtheembeddingprocess.
Oncetheprocessisdone,youshouldgetamessagethatyourfilewasembedintotheimageliketheabovepicture.
Notes:
steghidedoesnotsupportpdffiles
Ifthesizeofyourfileislarge,chooselargesizeimageaswell.
Step3:Decodethefiles
Forthesakeofthethistutorial,IusedanotherKalilinuxboxtodemonstratesendingtosomeonethroughanemail.
Afteryouinstalledthetoolintheotherkalilinuxbox
Runthiscommand
steghideextractsf(pathoftheyourimage).
Onceitisextracted,itisusuallysenttorootordesktop.
Tocheck:
Run:ls(aslistandseethehiddenfileshowonthedesktoporroot)
Thatsallforthistutorial.Thanksforreadingandstaytunedformore.
@Z33MAX
41Comments
1.
cheeko
7:13amonApril3,2016
niceeffortandpreciseexplanation
Reply
2.
Vinaypanchal
6:15amonApril3,2016
whichtoolisusedtoimage(Stenography)forensics?
Howtoweknowthisimageisstegnoimage?
Reply
3.
benestasio
5:47amonApril3,2016
veryinteresting
Reply
4.
T.I.R
2:43amonApril3,2016
Iwouldliketoknowmore
Reply
5.
bdub
1:01amonApril3,2016
Thisisagreatwaytostorefilesyoudontwantpeopletosee!Easytofollowinstructions,greatjob!
Reply
Page7of7 First ... 3 4 5 6 7
CommentonThis
Loggedinasmgc.Logout
SubmitComment
OurRevolution
WebelieveITandCyberSecuritytrainingshouldbefree,foreveryone,forever.Webelievethateveryone,everywhere,deservestheOPPORTUNITYtolearn,
primarilybecauseeveryoneisessentiallyforcedtouseinternetenableddevices.However,wearenotpreparedtodefendourselvesagainstthecyberthreatsthat
existandareemerging.JointhefreeCyberSecuritytrainingrevolutionatCybrary!
StudentSupport
GetSupport
OtherPages
About
TheTeam
JoinOurTeam
Press
News
TermsofService
HallofFame
ArchivedCybraryCourses
CybraryOnTheGo
GettheCybraryappforAndroidforonlineandofflineviewingofourlessons.
SupportCybrary
DonateHeretoGetThisMonth'sDonorBadge
Cybrary|0P3N
rubins
ProceduresforintegratingBeefandArmitage
Score:0/April1,2016
Dr3AMCoDeR
TrustandMotivationITMindset
Score:2/April1,2016
bjacharya
EthicalHackingwithKaliLinux[3]BypassingMACAddressFilter
Score:3/April1,2016
KodeRex
BasicDOS(DiscOperatingSystem)CommandsWindowsCommandLine
Score:2/March30,2016
FOLLOWUS:
2016Cybrary.ITPrivacyPolicyTermsofService
BacktoTop