Steganography on Kali Using Steghide
How to covertly hide data in images using Steghide on Kali Linux.
Hint: There’s no hidden messages in the first image.
Hiding data within an image sounds like something out of a spy movie. You don’t have to be a modern James Bond to learn this skill known as steganography.
Steganography is the art of hiding data within a non-secret medium. This practice has been around since ancient times dating back to 440 B.C. in Greece (Siper, Farley, and Lombardo 2005). The Americans and the British used invisible ink in the Revolutionary War to conceal messages from each other. Heat would be applied to the paper to reveal the hidden message.
Steganography is used in many capture the flag challenges in cybersecurity and hacking events.
In this article, we will discuss how to use Steghide on Kali Linux to conceal and extract hidden data within an image.
Prerequisites
- Kali Linux
- JPEG or BMP Image
- Text File
- Internet Connection
Steghide should work on other Linux distributions, but your mileage may vary.
1. Install Steghide
You’ll first need to install Steghide. To see if you have Steghide installed you can run the following command.
mrkmety@kali:~$ which steghide
mrkmety@kali:~$If nothing is returned you will need to run the following command to install Steghide.
mrkmety@kali:~$ sudo apt install steghide -y
Reading Package Lists... Done
...
Setting up steghide (0.5.1-14)...
Processing triggers for libc-bin (2.30-4)...
Processing triggers for man-db (2.9.1-1)...
Processing triggers for kali-menu (2020.2.1)...
mrkmety@kali:~$Steghide should now be installed. Run the following command to verify.
mrkmety@kali:~$ which steghide
mrkmety@kali:~$ /usr/bin/steghideStep 2. Read the Steghide man page and help section
You should familiarize yourself with the man page and help section that is available after installing Steghide.
While we will cover the required commands and flags to accomplish basic embedding and extraction of data from an image, it’s best to have a grasp on what a program does and the available flags/options.
Run the following command to pull up the man page.
mrkmety@kali:~$ man steghidePress Q to exit the man page once you have a basic understand of the program and features.
Run the following command to pull up the Steghide help section.
mrkmety@kali:~$ steghide --helpMove on to the next step once you are familiar with how the program works.
3. Find an Image
You are now ready to find an image in which you will embed data.
Steghide supports JPEG and BMP image file types. Once you have an image, ensure it is available on your Kali machine.
In this example, we will use the first JPEG image located in this article. Feel free to grab that image or any other JPEG or BMP file.
The filename in this example will be named “regular_image.jpeg”.
4. Have Your Secret Text Ready
Although we are using text in this example, Steghide does not have restrictions on the type of format secret data. You can embed anything you’d like in the image.
We are going to create a text file called “super_secret_stuff.txt” that we will use to embed in the image. You can use any text editor you’d like or you can run the following command to quickly create a text file.
mrkmety@kali:~$ echo "This is super secret text!" > ./super_secret_stuff.txtYou can check to see if the text file has been created and the contents by running the following command.
mrkmety@kali:~$ cat super_secret_stuff.txt
This is super secret text!Now that you have your image and text we are ready to move on to embedding the text in the image.
5. Embedding Data
You are now ready to start embedding data into your image using Steghide.
Run the following command to embed “super_secret_stuff.txt” into the image named “regular_image.jpeg”
mrkmety@kali:~$ steghide embed -cf regular_image.jpeg -ef super_secret_stuff.txtLet’s break down what this command is doing.
steghide — The name of the programembed — This is the command-cf — This flag is for the cover file (file used to embed data)filename — This is the name of the cover file-ef — This flag is for the embed file (file that will be embedded)filename — This is the name of the embedded file
You will be prompted to enter a passphrase. This passphrase will be required for anyone trying to extract the data from the image.
Note: A passphrase is not required. However, anyone trying to extract the data will be able to do so.
Enter a passphrase of “secrettext”.
Re-Enter your passphrase.
Enter passphrase:
Re-Enter passphrase:
embedding "super_secret_stuff.txt" in "regular_image.jpeg"... doneCongrats! Your text file is now embedded in the image!
Let’s move on to how we can extract the text file from the image.
6. Extract Data From Image
Extracting the data from the image is fairly easy as long as you know the passphrase.
Run the following command to extract the “super_secret_stuff.txt” file from the “regular_image.jpeg” file.
Note: While testing, make sure you aren’t trying to extract the text file into the same directory or you’ll be prompted to overwrite the file.
mrkmety@kali:~$ steghide extract -sf regular_image.jpegYou will be prompted to enter the passphrase.
Enter passphrase:
wrote extracted data to "super_secret_stuff.txt".The embedded text file will be extracted and written to your current directory.
Congrats! You successfully extracted a hidden text file from an image!
Notes/Tips
- Entering an incorrect passphrase will show the following response
mrkmety@kali:~$ steghide extract -sf regular_image.jpeg
Enter passphrase:
steghide: could not extract any data with that passphrase!- Steghide can be used on JPEG and BMP image files and WAV and AU audio files.
- Passphrases can be brute-force attacked by an attacker to extract any data in a file.
Wrapping Up
Steghide is a simple to use application that can easily embed files into images or audio. It’s one of my go-to tools when participating in CTF’s and has helped me find numerous flags.
While most people aren’t using steganography daily, it is a cybersecurity skill to have in your toolkit should the occasion arise.
If you have any questions feel free to Tweet or PM me @mrkmety
